NEWS

vScope and Apache Log4j (CVE-2021-44228, CVE-2021-4104)

PUBLISHED December 13, 2021 (Updated: December 14, 2021)

Summary

  1. vScope is not using Log4j2
  2. vScope is not using JNDI or JMSAppender

…and is not affected by neither CVE-2021-44228 nor CVE-2021-4104.

Background

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. It allows an attacker to execute arbitrary code by injecting attacker-controlled data into a logged message.

Read more at:

https://www.cve.org/CVERecord?id=CVE-2021-44228

Is vScope affected?

vScope uses Log4j 1.x which is not affected by CVE-2021-44228 (http://slf4j.org/log4shell.html). As Log4j 1.x does not offer the look-up mechanism used in the exploit, it does not suffer from CVE-2021-44228.

There has been another CVE created for Log4j 1.x, CVE-2021-4104, which states:

“…Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.”

vScope is not configured to use JNDI or JMSAppender and is therefore not affected of CVE-2021-4104.

How can vScope help?

We have written a guide showing how you can use vScope to identify potential vulnerabilities in your IT. Find the blog post here: https://www.vscope.net/blog/two-reports-to-find-out-where-you-are-using-log4j/.


We carefully follow this issue and will update this post if any important news surface. If you have any questions you can reach out to customersuccess@infrasightlabs.com.

About vScope

vScope is fast and easy IT reporting, helping companies improve collaborations, innovation, and operational efficiency. Based on industry-leading IT inventory, vScope keeps your reports and documentation updated, so that people in your organization always can access relevant insights about IT.

Get Started

More from us…

  • vScope – Effortless IT Reporting

vScope 3.24.0

June 27th, 2022|0 Comments

vScope 3.24 3.24.1June 30, 2022 Directory Machines have been disabled. Computers in Active Directory are found under 'All Machines' 3.24.0 June 27, 2022 Features 🎉 Invite users via

New Integration: Microsoft 365 Defender

June 15th, 2022|0 Comments

PRODUCT UPDATE New Integration: Microsoft 365 Defender Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization against advanced threats like phishing and malware

Invite people to vScope via email

June 15th, 2022|0 Comments

PRODUCT UPDATE Invite people to vScope via email Now you can invite any user to vScope by adding its email as collaborator. This means that collaborators don't have to be

  • vScope – Effortless IT Reporting

vScope 3.23.0

May 23rd, 2022|0 Comments

vScope 3.23 3.23.1 May 30, 2022 Improvements Fixed styling in Tracker Updated Save button behavior in Table Explorer 3.23.0 May 23, 2022 Features 🎉 New integration: Microsoft 365 Defender 🎉 Tag Manager: Improved with

  • vScope – Effortless IT Reporting

vScope 3.22.0

May 5th, 2022|0 Comments

vScope 3.22.0 May 5, 2022 Features 🎉 Nutanix Integration: Fetch more assets by connecting vScope to Nutanix Improvements Filter Service Cards based on layout in vScope Service Mapping Pagination of Service Cards to enhance