DTEN notes that the industry has made public the technical details and POC of the Apache Log4j2 high-risk vulnerability, vulnerability number CVE-2021-44228. Attackers can directly construct malicious requests to exploit this vulnerability and trigger remote code execution.
DTEN has completed a review and analysis of all our hardware and software products, including our Orbit managed software as a service (MSaaS) product. Our internal audits have found that DTEN products and services do not utilize any components related to the usage of Log4J or use any affected security components related to the usage of Log4J as defined in CVE-2021-44228.
Vulnerability analysis
The Apache Log4j2 remote code execution vulnerability attack code appeared on the night of December 9, according to Slow Fog Security Intelligence. This vulnerability exploits Apache Struts2, Apache Solr, Apache Druid, And Apache Flink without special configuration.
Scope of vulnerability
It has been verified that none of the DTEN product versions are affected by this vulnerability.
If you have additional questions or need to contact DTEN Support, please refer to this DTEN Knowledge Base article for more details: HERE.
Comments
0 comments
Article is closed for comments.