- 08 Mar 2022
- 1 Minute to read
-
Print
-
DarkLight
-
PDF
Apache Log4j2 Issue
- Updated on 08 Mar 2022
- 1 Minute to read
-
Print
-
DarkLight
-
PDF
Last updated 2022-03-08 3:02 PM Pacific
Webtrends is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2" utility (CVE-2021-44228). Systems and services that use the Log4j Java logging library between versions 2.0 and 2.14.1 are all affected.
Webtrends uses an older version of Log4j (1.2.15) which is not directly vulnerable as it does not offer a JNDI look up mechanism. However, Log4j 1.x comes with JMSAppender, which will perform a JNDI lookup if enabled in Log4j's configuration file.
Read below for steps we are taking for our products.
On Demand
Mitigation
Webtrends uses a Web Application Firewall to protect Internet-facing systems. The WAF rules have been updated to protect against this exploit.
Detection
We have reviewed security logs and have not seen any attempts to exploit this vulnerability.
Remediation
We are upgrading log4j libraries to log4j2 v2.17.
On Premises
Webtrends Analytics On-Premesis clients should download the hotfix below and run on their Webtrends systems. Please contact Technical Support for assistance.
This hotfix will replace the log4j component with log4j2 version 2.17.2 which includes the fix for CVE-2021-45105, CVE-2021-45046 and CVE-2021-44228 "Log4Shell" vulnerabilities.
Note that previous hot fix v1.6 has been replaced with v1.7 which includes additional security fixes for log4j2.
Download webtrends_log4shell_hotfix_v1.7.zip
SHA256 Hash: A7A8491D7F13CD81FBE98B03E0BDFC1244A584569BAFE46809924B3E0451B335
3rd Party Vendors
Webtrends is reaching out to our vendors to ensure they are aware and updating their systems accordingly.
Amazon Web Services has already taken steps and is communicating updates here: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Entrust has communicated to Webtrends that mitigations are in effect and no actions are required.
Salesforce has already taken steps and is communicating updates here: https://help.salesforce.com/s/articleView?id=000363736&type=1