NEWS

vScope and Apache Log4j (CVE-2021-44228, CVE-2021-4104)

Summary

  1. vScope is not using Log4j2
  2. vScope is not using JNDI or JMSAppender

…and is not affected by neither CVE-2021-44228 nor CVE-2021-4104.

Background

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. It allows an attacker to execute arbitrary code by injecting attacker-controlled data into a logged message.

Read more at:

https://www.cve.org/CVERecord?id=CVE-2021-44228

Is vScope affected?

vScope uses Log4j 1.x which is not affected by CVE-2021-44228 (http://slf4j.org/log4shell.html). As Log4j 1.x does not offer the look-up mechanism used in the exploit, it does not suffer from CVE-2021-44228.

There has been another CVE created for Log4j 1.x, CVE-2021-4104, which states:

“…Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.”

vScope is not configured to use JNDI or JMSAppender and is therefore not affected of CVE-2021-4104.

How can vScope help?

We have written a guide showing how you can use vScope to identify potential vulnerabilities in your IT. Find the blog post here: https://www.vscope.net/blog/two-reports-to-find-out-where-you-are-using-log4j/.


We carefully follow this issue and will update this post if any important news surface. If you have any questions you can reach out to customersuccess@infrasightlabs.com.

PUBLISHED December 13, 2021
Anton Berghult Profile Picture

Anton Berghult

Stars and review
vScope är Great Place to Work

Supercharge your organization with IT-inventory!

vScope is trusted by companies worldwide, spanning various industries, to enhance IT collaboration and elevate quality standards.

Ready to experience the difference? Share your contact details, and we’ll connect with you soon!

Subscribe to our Newsletter

Let us keep you posted on product updates, news, and market insights that help you build a more productive organization.


    By subscribing I allow InfraSight Labs to store and process my personal data according to our Privacy Policy

    More from us…

    • vScope logo on a blue background

    vScope 3.29.0

    February 7th, 2024|Comments Off on vScope 3.29.0

    vScope 3.29 3.29.1February 5, 2024What's newCustom Tag Collection from Azure RMEnhance your cloud environment inventory in vScope by creating custom tags with values sourced directly from your Azure RM environment. This

    • Powershell in vScope

    Introducing PowerShell: Custom inventory of Registry Keys

    January 30th, 2024|Comments Off on Introducing PowerShell: Custom inventory of Registry Keys

    PRODUCT UPDATE Windows PowerShell and Just Enough Administration: Unleashing New Dimensions in IT Inventory with vScope With PowerShell, you can now enjoy a more flexible and customizable approach to documenting and reporting on your

    • vScope By InfraSight Labs

    What is CMDB: A comprehensive guide to configuration management database

    November 28th, 2023|Comments Off on What is CMDB: A comprehensive guide to configuration management database

    BLOG What Is a CMDB: A Comprehensive Guide to Configuration Management Database The Configuration Management Database (CMDB) is a crucial component of IT Service Management (ITSM). It serves as a central repository

    • IT Asset Inventory Best practices & tools Cover Photo

    The Ultimate Guide to IT Asset Inventory: Best Practices and Tools

    November 28th, 2023|Comments Off on The Ultimate Guide to IT Asset Inventory: Best Practices and Tools

    BLOGThe Ultimate Guide to IT Asset Inventory: Best Practices and ToolsIn the ever-evolving world of technology, managing and maintaining IT assets is crucial for the smooth functioning of any organization. From hardware

    Qlosr Group

    November 17th, 2023|Comments Off on Qlosr Group

    QLOSR & VSCOPE Qlosr: "– vScope makes a real difference in our growth journey" With a stock listing, significant growth, and a substantial increase in new customers, a lot is happening at

    • IT Cost Reporting in vScope

    Free Guide Billing & Cost Reporting: Get started adding prices to your IT

    November 16th, 2023|Comments Off on Free Guide Billing & Cost Reporting: Get started adding prices to your IT

    FREE GUIDE Cost reporting for IT - Five tips to get started! How to get started with increasing transparency between IT and operations through effective cost reporting.