Technical Bulletin: Apache Software Log4j – Security Vulnerability CVE-2021-44228

Release Date: December 14, 2021

NOTICE: The information in this document, including products and software versions, is current as of the Release Date. This document is subject to change without notice.

Top Gun Impact Analysis of Internal Systems and Service Platforms

Top Gun has conducted a vulnerability review and has not identified any impacts to Top Gun internal systems or service platforms.

On December 10th the National Vulnerability Database released alert CVE-2021-44228 relating to a vulnerability in Apache Log4j2: https://nvd.nist.gov/vuln/detail/CVE-2021-44228. Log4j is a commonly used logging library made by the Apache Software Foundation. Information can be found at https://logging.apache.org/log4j/2.x/security.html

Top Gun recommends that clients review their products and check for vulnerable versions of Apache Log4j in their environments and applications and apply fixes as recommended by the OEM.

OEM Products

12/14/2021: The following matrix can provide further information on the impact to specific OEM Products.

NIST https://nvd.nist.gov/vuln/detail/CVE-2021-44228
NetApp https://security.netapp.com/advisory/ntap-20211210-0007/
IBM https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
HPE https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us
Cisco https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Brocade https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1651
Hitachi https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2
Dell/EMC https://www.dell.com/support/kbdoc/en-ca/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability
Oracle https://www.oracle.com/security-alerts/alert-cve-2021-44228.html

Top Gun, Inc shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided “as is” without warranty of any kind. To the extent permitted by law, neither Top Gun nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice.