NEWS

vScope and Apache Log4j (CVE-2021-44228, CVE-2021-4104)

Summary

  1. vScope is not using Log4j2
  2. vScope is not using JNDI or JMSAppender

…and is not affected by neither CVE-2021-44228 nor CVE-2021-4104.

Background

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. It allows an attacker to execute arbitrary code by injecting attacker-controlled data into a logged message.

Read more at:

https://www.cve.org/CVERecord?id=CVE-2021-44228

Is vScope affected?

vScope uses Log4j 1.x which is not affected by CVE-2021-44228 (http://slf4j.org/log4shell.html). As Log4j 1.x does not offer the look-up mechanism used in the exploit, it does not suffer from CVE-2021-44228.

There has been another CVE created for Log4j 1.x, CVE-2021-4104, which states:

“…Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.”

vScope is not configured to use JNDI or JMSAppender and is therefore not affected of CVE-2021-4104.

How can vScope help?

We have written a guide showing how you can use vScope to identify potential vulnerabilities in your IT. Find the blog post here: https://www.vscope.net/blog/two-reports-to-find-out-where-you-are-using-log4j/.

We carefully follow this issue and will update this post if any important news surface. If you have any questions you can reach out to customersuccess@infrasightlabs.com.

PUBLISHED December 13, 2021
Anton Berghult Profile Picture

Anton Berghult

Stars and review
vScope är Great Place to Work

Supercharge your organization with vScope

vScope is trusted by companies worldwide, spanning various industries, to enhance IT collaboration and elevate quality standards. From discovery and asset management, to CMDB and IT Billing.

Ready to experience the difference? Share your contact details, and we’ll connect with you soon!

Subscribe to our Newsletter

Let us share product updates, news, and market insights directly to your inbox.


    By subscribing I allow InfraSight Labs to store and process my personal data according to our Privacy Policy

    More from us…

    Full Control Over Users and Issues in Jira with vScope

    May 19th, 2025|Comments Off on Full Control Over Users and Issues in Jira with vScope

    Gain complete control over your Jira users and issues with vScope's new integration. Effortlessly track licenses, identify cost savings, and connect issues with IT services for enhanced efficiency and documentation.

    Securing Your Windows Data Center: Best Practices for IT Discovery Read Accounts

    April 22nd, 2025|Comments Off on Securing Your Windows Data Center: Best Practices for IT Discovery Read Accounts

    Learn how to securely set up IT discovery in your Windows network. Learn about managing permissions and access for read accounts using Microsoft technologies.

    Getting Started with IT Governance in vScope

    February 27th, 2025|Comments Off on Getting Started with IT Governance in vScope

    February 27, 2025 · Anton Berghult · Guide IT Governance · 3 min Three Tips for Getting Started with IT Governance in vScope IT governance can be challenging when managing complex IT assets, documentation, and

    vScope 3.31.0

    February 11th, 2025|Comments Off on vScope 3.31.0

    vScope 3.31 3.31.8 – APRIL 23Bug FixesFix for not being able to create Tracker case from Tables.Fixed a small spelling error.3.31.7 – APRIL 23 Never Miss Important Updates in