
Banyan Security Log4j Vulnerability Update

First, we want you to know that the Banyan Security solution is not impacted by the Log4j vulnerability.

As Banyan’s Chief Security Officer, I not only want to make sure that the Banyan organization and product offering are safe, but I’m interested in making sure our customers and partners are safe as well.

A severe vulnerability in the popular Java-based Apache logging library Log4j was recently discovered being exploited in the wild, and you’re no doubt seeing important communications from your tool stack vendors with recommendations for patching and remediation.

This library is used by thousands of services around the world, facilitating logging from applications into log files. The vulnerability allows unauthenticated remote code execution (RCE) and access to servers.

Please know that the Banyan Security Zero Trust Remote Access solution is not impacted by this vulnerability, as we do not use this library or Java.

This vulnerability does, however, merit your attention, so we’ve compiled some select resources for your consideration.

CVEs
At the time of writing, there are 10 CVEs related to the Log4j vulnerability. Remember that just because a vulnerability is “old” doesn’t mean it poses any less risk to your organization. Successful security programs manage vulnerabilities according to their respective risk, and four of these are considered Critical.

CVE-2021-44228
CVE-2019-17571
CVE-2019-17531
CVE-2017-5645
CVE-2021-45046
CVE-2021-4104
CVE-2020-9488
CVE-2014-0722
CVE-2012-5616
CVE-2008-7261

Additional Resources
As you can imagine, there are lots of resources out there that explain this in more detail; here are a select few we recommend:

Apache.org: https://logging.apache.org/log4j/2.x/security.html

CVE Details: https://www.cvedetails.com/product/37215/?q=Log4j

NIST: https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=log4j&search_type=all&isCpeNameSearch=false

CISA: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228

MITRE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

If you have any questions about the Banyan solution, please do not hesitate to reach out.

The post Banyan Security Log4j Vulnerability Update first appeared on Banyan Security.

*** This is a Security Bloggers Network syndicated blog from Banyan Security authored by Den Jones. Read the original post at: https://www.banyansecurity.io/blog/banyan-security-log4j-vulnerability-update/?utm_source=rss&utm_medium=rss&utm_campaign=banyan-security-log4j-vulnerability-update