NEWS

vScope and Apache Log4j (CVE-2021-44228, CVE-2021-4104)

Summary

  1. vScope is not using Log4j2
  2. vScope is not using JNDI or JMSAppender

…and is not affected by neither CVE-2021-44228 nor CVE-2021-4104.

Background

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. It allows an attacker to execute arbitrary code by injecting attacker-controlled data into a logged message.

Read more at:

https://www.cve.org/CVERecord?id=CVE-2021-44228

Is vScope affected?

vScope uses Log4j 1.x which is not affected by CVE-2021-44228 (http://slf4j.org/log4shell.html). As Log4j 1.x does not offer the look-up mechanism used in the exploit, it does not suffer from CVE-2021-44228.

There has been another CVE created for Log4j 1.x, CVE-2021-4104, which states:

“…Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.”

vScope is not configured to use JNDI or JMSAppender and is therefore not affected of CVE-2021-4104.

How can vScope help?

We have written a guide showing how you can use vScope to identify potential vulnerabilities in your IT. Find the blog post here: https://www.vscope.net/blog/two-reports-to-find-out-where-you-are-using-log4j/.


We carefully follow this issue and will update this post if any important news surface. If you have any questions you can reach out to customersuccess@infrasightlabs.com.

PUBLISHED December 13, 2021
Anton Berghult Profile Picture

Anton Berghult

Stars and review
vScope är Great Place to Work

Supercharge your organization with IT Discovery!

vScope is trusted by companies worldwide, spanning various industries, to enhance IT collaboration and elevate quality standards.

Ready to experience the difference? Share your contact details, and we’ll connect with you soon!

Subscribe to our Newsletter

Let us keep you posted on product updates, news, and market insights that help you build a more productive organization.


    By subscribing I allow InfraSight Labs to store and process my personal data according to our Privacy Policy

    More from us…

    • Featured Image

    How to Keep Your Software Up-to-Date and Why It Matters

    September 10th, 2024|Comments Off on How to Keep Your Software Up-to-Date and Why It Matters

    NEWS How to Keep Your Software Up-to-Date and Why It Matters Software plays a critical role in every business's daily operations, from communication to data management. But keeping software up-to-date is

    vScope 3.30.0

    August 29th, 2024|Comments Off on vScope 3.30.0

    vScope 3.30 3.30.4 October 14, 2024 Shortcut to Cases that you follow We are improving the Home Screen to make it the go-to place for general insights about your IT. In

    • vScope Tracker

    Tracker’s got a new look

    August 28th, 2024|Comments Off on Tracker’s got a new look

    NEWS Let vScope track anomalies and changes for you Start off your week with a new fresh look of vScope's popular alerting tool – Tracker. Setting up cases to keep track

    Improve IT Service Management: How IT inventory supports you working in a service desk

    February 27th, 2024|Comments Off on Improve IT Service Management: How IT inventory supports you working in a service desk

    BLOG Improving your IT Service Management: How IT inventory helps those working in Service Desk The Service Desk is the IT department's primary interface with the business. It is to a

    • vScope logo on a blue background

    vScope 3.29.0

    February 7th, 2024|Comments Off on vScope 3.29.0

    vScope 3.29 3.29.8 June 17, 2024 What's new Export Price lists in Billing We have added the possibility to export price lists in Billing. You can either export a single

    • Powershell in vScope

    Introducing PowerShell: Custom inventory of Registry Keys

    January 30th, 2024|Comments Off on Introducing PowerShell: Custom inventory of Registry Keys

    PRODUCT UPDATE Windows PowerShell and Just Enough Administration: Unleashing New Dimensions in IT Inventory with vScope With PowerShell, you can now enjoy a more flexible and customizable approach to documenting and reporting on your