Dear Valued Customer,
A critical security vulnerability has been identified(as CVE-2021-44228) in Apache log4j library.
We have responded to this CVE-2021-44228 and taking counter action accordingly. To clarify below is the list of our service and impact.
Note:
Our summary covers only our cloud platform. Thus, each individual customer's OS, applications and IT systems are not covered. For best practice, we recommend our customers to check whether their IT system is affected by this vulnerability or not. We have shared useful links below to get started.
Useful links:
CISA log4j (CVE-2021-44228) guidance list by products.
https://github.com/cisagov/log4j-affected-db
Summary
Service Name | Result | Memo |
GIO US Dashboard | Not Affected | - |
E series platform | Not Affected | *Is not exposed to the internet |
VW series platform | Not Affected | *Is not exposed to the internet |
D series platform | Not Affected | *Is not exposed to the internet |
Simple Backup | Not Affected | **Blocked by Application Firewall |
vFirewall (ASAv/FortiOS/UDA) | Not Affected | - |
VPC | Not Affected | - |
UMM24 | Not Affected | - |
UMV(Seil/x86, Seil) | Not Affected | - |
* GIO US E, VW and D series are mitigated against CVE-2021-44228 from the internet (where attacks occur) and no immediate threat has been monitored and reported. In addition, We will update internal back-end application with a security patch once it is available for us to make sure we are fully protected.
** Simple Backup is protected against CVE-2021-44228 from internet (where attacks occur) and no immediate threat has been monitored and reported. Our upstream partner is working on the back-end application to secure (or workaround if needed) the entire system from CVE-2021-44228.
We will update progress on this page or contact our help desk if you have a question.
Comments
0 comments
Article is closed for comments.