vScope and Apache Log4j (CVE-2021-44228, CVE-2021-4104)
Summary
- vScope is not using Log4j2
- vScope is not using JNDI or JMSAppender
…and is affected by neither CVE-2021-44228 nor CVE-2021-4104.
Background
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 up to, but not including, 2.15.0. It allows an attacker to execute arbitrary code by injecting attacker-controlled data into a logged message.
Read more at:
https://www.cve.org/CVERecord?id=CVE-2021-44228
Is vScope affected?
vScope uses Log4j 1.x, which is not affected by CVE-2021-44228 (http://slf4j.org/log4shell.html). Because Log4j 1.x does not offer the lookup mechanism used in the exploit, it does not suffer from CVE-2021-44228.
A separate CVE has been created for Log4j 1.x, CVE-2021-4104, which states:
“…Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.”
vScope is not configured to use JNDI or JMSAppender and is therefore not affected by CVE-2021-4104.
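The condition quoted above can be checked against any Log4j 1.x configuration. The following Python script is an added example, not vScope code: it scans log4j.properties or log4j.xml text for JMSAppender definitions, lists the JNDI-resolved options set on them, and reports whether a logger references the appender. The function names and the sample configurations are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

JMS_CLASS = "org.apache.log4j.net.JMSAppender"
# JMSAppender options resolved through JNDI, as named in CVE-2021-4104.
JNDI_PARAMS = ("TopicBindingName", "TopicConnectionFactoryBindingName")

def scan_properties(text):
    """Find JMSAppender definitions in log4j.properties text (simple key=value lines)."""
    props = dict(re.findall(r"^[ \t]*([^#!\s=][^=\s]*)[ \t]*=[ \t]*(.*?)[ \t]*$", text, re.M))
    found = {}
    for key, value in props.items():
        m = re.fullmatch(r"log4j\.appender\.([^.]+)", key)
        if m and value == JMS_CLASS:
            jndi = {p: props[f"{key}.{p}"] for p in JNDI_PARAMS if f"{key}.{p}" in props}
            found[m.group(1)] = {"jndi_params": jndi, "attached": False}
    # An appender only receives events when a logger lists it after the level.
    for key, value in props.items():
        if key.startswith(("log4j.root", "log4j.logger.", "log4j.category.")):
            for ref in value.split(",")[1:]:
                if ref.strip() in found:
                    found[ref.strip()]["attached"] = True
    return found

def scan_xml(text):
    """Same check for log4j.xml text (appender and appender-ref elements)."""
    root, found = ET.fromstring(text.strip()), {}
    for app in root.iter("appender"):
        if app.get("class") == JMS_CLASS:
            jndi = {p.get("name"): p.get("value") for p in app.findall("param")
                    if p.get("name") in JNDI_PARAMS}
            found[app.get("name")] = {"jndi_params": jndi, "attached": False}
    for ref in root.iter("appender-ref"):
        if ref.get("ref") in found:
            found[ref.get("ref")]["attached"] = True
    return found

# Constructed sample configurations (not taken from vScope or any real product).
SAMPLE_PROPS = """log4j.rootLogger=INFO, file, jms
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.TopicBindingName=logTopic"""
SAMPLE_XML = """<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="audit" class="org.apache.log4j.net.JMSAppender">
    <param name="TopicBindingName" value="auditTopic"/>
  </appender></log4j:configuration>"""

if __name__ == "__main__":
    print(scan_properties(SAMPLE_PROPS), scan_xml(SAMPLE_XML), sep="\n")
```

An empty result means the configuration defines no JMSAppender; any entry, attached or not, is worth reviewing together with who can write to the configuration file.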
How can vScope help?
We have written a guide showing how you can use vScope to identify potential vulnerabilities in your IT. Find the blog post here: https://www.vscope.net/blog/two-reports-to-find-out-where-you-are-using-log4j/.
We are following this issue closely and will update this post if any important news surfaces. If you have any questions, you can reach out to customersuccess@infrasightlabs.com.