Apache Log4j2 Issue
  • 08 Mar 2022
  • 1 Minute to read
  • Dark
    Light
  • PDF

Apache Log4j2 Issue

  • Dark
    Light
  • PDF

Apache Log4j2 Vulnerability Update

Last updated 2022-03-08 3:02 PM Pacific

Webtrends is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2" utility (CVE-2021-44228). Systems and services that use the Log4j Java logging library between versions 2.0 and 2.14.1 are all affected.

Webtrends uses an older version of Log4j (1.2.15) which is not directly vulnerable as it does not offer a JNDI look up mechanism. However, Log4j 1.x comes with JMSAppender, which will perform a JNDI lookup if enabled in Log4j's configuration file.

Read below for steps we are taking for our products.

On Demand

Mitigation
Webtrends uses a Web Application Firewall to protect Internet-facing systems. The WAF rules have been updated to protect against this exploit.

Detection
We have reviewed security logs and have not seen any attempts to exploit this vulnerability.

Remediation
We are upgrading log4j libraries to log4j2 v2.17.

On Premises

Webtrends Analytics On-Premesis clients should download the hotfix below and run on their Webtrends systems. Please contact Technical Support for assistance.

Webtrends Analytics On Premises Log4Shell Hotfix v1.7

This hotfix will replace the log4j component with log4j2 version 2.17.2 which includes the fix for CVE-2021-45105, CVE-2021-45046 and CVE-2021-44228 "Log4Shell" vulnerabilities.

Note that previous hot fix v1.6 has been replaced with v1.7 which includes additional security fixes for log4j2.

Download webtrends_log4shell_hotfix_v1.7.zip
SHA256 Hash: A7A8491D7F13CD81FBE98B03E0BDFC1244A584569BAFE46809924B3E0451B335

3rd Party Vendors

Webtrends is reaching out to our vendors to ensure they are aware and updating their systems accordingly.

Amazon Web Services has already taken steps and is communicating updates here: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Entrust has communicated to Webtrends that mitigations are in effect and no actions are required.

Salesforce has already taken steps and is communicating updates here: https://help.salesforce.com/s/articleView?id=000363736&type=1


Was this article helpful?