Date: December 16, 2021
Vuln Id/CVE: CVE-2021-44228
Affected Product(s): None
On December 9, 2021, the Alibaba Cloud Security Team disclosed a zero-day vulnerability in the popular Apache Log4j logging framework. Known as Log4Shell, the vulnerability may be exploited to cause a vulnerable server to download and execute remote code hosted on a public URL.
Zentera products do not use Log4j and are not susceptible to CVE-2021-44228.
There is no impact to Zentera customers from Log4Shell.
As Zentera products are not vulnerable to Log4Shell, no mitigation is necessary for any Zentera components.
Customers may consider using Zentera Application Chambers to prevent vulnerable and unpatched servers from communicating with potentially malicious remote hosts. Potentially exploitable protocols include LDAP, LDAPS, Java Remote Method Invocation (RMI), DNS, and the Internet Inter-ORB Protocol (IIOP); Application Chambers may be configured to block these protocols from accessing hosts on the Internet. Note that this mitigation does not prevent successful exploitation of the Log4Shell vulnerability, but it will prevent damage by blocking delivery of the malicious payload, and it will provide an alert of the exploit attempt.
For Further Information
Please contact your Zentera Systems technical or sales representatives for further clarification regarding this or any other security concern.