Vulnerable Apache Log4j Libraries - CVE-2021-44228

Owned by Franco Petrone
Last updated: Feb 02, 2022
1 min read

Page dedicated to companies statements on the current security issue.

General Guidance from Cybersecurity & Infrastructure Security Agency (CISA.gov) Apache Log4j Vulnerability Guidance | CISA

Helpful Video Presentation

Log4j Power Point Presentation

Log4j PDF

 

Immediate Actions to Protect Against Log4j Exploitation
• Discover all internet-facing assets that allow data inputs and use Log4j Java library anywhere in the stack.
• Discover all assets that use the Log4j library.
• Update or isolate affected assets. Assume compromise, identify common post-exploit sources and activity, and hunt for signs of malicious activity.
• Monitor for odd traffic patterns (e.g., JNDI LDAP/RMI outbound traffic, DMZ systems initiating outbound connections).

 

 

 

 

 

 

 

GE Products

Moxa

Win911

Arista

Kepware

GE APM Products

 

Products who didn't post an article but have no vulnerability to this issue

  • Stratus

 

 

Helpful ideo presentation

 

AutomaTech Inc.