Log4j2 vulnerability in Security Analytics?

Article ID: 230280

Products

Security Analytics

Issue/Introduction

A remotely exploitable 0-day vulnerability in the popular Java logging library Log4j has been announced, and code to exploit it is in the public domain. If exploited, it enables execution of code and potentially full control of the target machine. Scanning for vulnerable machines is now being reported.

Details of the CVE can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104

Log4j is widely used by applications for logging, and the vulnerability affects versions 2.0 to 2.14.1 of Log4j.

Environment

Release: All versions

Resolution

Security Analytics includes log4j-1.2.17, which has been determined to be vulnerable to the Log4Shell attack under CVE-2021-4104. However, based on the configuration of Security Analytics, the system is not vulnerable, and cannot be made vulnerable without already having elevated permissions. Security Analytics may be further hardened by disabling the Anomaly Detection feature, which prevents the log4j library from being loaded.
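
The check behind this assessment can be sketched as follows. This is an added example, not Broadcom's or the product's own code: it classifies Log4j jars by the version in their file name and tests a log4j 1.x `.properties` file for `JMSAppender`. The `JMSAppender` condition comes from the public CVE-2021-4104 description rather than from this article, and the jar paths and configuration sample are constructed.

```python
import re

# Matches log4j-<ver>.jar and log4j-core-<ver>.jar; API and bridge jars are skipped.
JAR_RE = re.compile(
    r"(?:^|/)log4j(?:-core)?-(\d+)\.(\d+)(?:\.(\d+))?(?:-[A-Za-z]+\d*)?\.jar$")
# Affected Log4j 2 range as stated in the article: 2.0 to 2.14.1.
AFFECTED_2X = ((2, 0, 0), (2, 14, 1))
# Appender class named in the CVE-2021-4104 description (not in this article).
JMS_CLASS = "org.apache.log4j.net.JMSAppender"

def classify_jar(path):
    """Classify a jar by the Log4j version embedded in its file name."""
    m = JAR_RE.search(path)
    if not m:
        return "unrecognized"
    ver = tuple(int(g or 0) for g in m.groups())
    if ver[0] == 1:
        return "1.x-check-config"      # exposure depends on the configuration
    if AFFECTED_2X[0] <= ver <= AFFECTED_2X[1]:
        return "2.x-in-affected-range"
    return "outside-range"

def uses_jms_appender(properties_text):
    """True if a log4j 1.x .properties config assigns JMSAppender to an appender."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":   # blank line or comment
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if (len(parts) == 2 and parts[0].startswith("log4j.appender.")
                and parts[1] == JMS_CLASS):
            return True
    return False

# Constructed sample inputs (not taken from a Security Analytics system).
SAMPLE_JARS = ["/opt/app/lib/log4j-1.2.17.jar", "/opt/app/lib/log4j-core-2.14.1.jar",
               "/opt/app/lib/log4j-core-2.17.1.jar", "/opt/app/lib/log4j-api-2.14.1.jar"]
SAMPLE_CONFIG = """\
# constructed log4j 1.x configuration
log4j.rootLogger=INFO, FILE
log4j.appender.FILE=org.apache.log4j.RollingFileAppender
log4j.appender.FILE.File=/var/log/app/app.log
#log4j.appender.JMS=org.apache.log4j.net.JMSAppender
"""

if __name__ == "__main__":
    for jar in SAMPLE_JARS:
        print(jar, "->", classify_jar(jar))
    print("JMSAppender configured:", uses_jms_appender(SAMPLE_CONFIG))
```

A `1.x-check-config` result alone does not indicate exposure; it means the configuration loaded by that library should be reviewed with `uses_jms_appender` or an equivalent check.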