Published on 14 December 2021
On 10 December 2021, the vulnerability CVE-2021-44228 was disclosed. It affects the popular Java module Log4j and may allow an attacker to take full control of the server on which the code runs.
Below we keep you up to date on the vendors' official statements. We update this content continuously.
Last updated on 17.02.2022, 15:39
"Your organization's security is vitally important to us. There has been a reported vulnerability in third-party software, Apache Log4j (detailed in CVE-2021-44228) which affects versions of Log4j 2.0-beta9 to 2.15. The exposure varies by Nuix software.
- Affected Nuix Engine versions are 7.8 to 9.6. This includes Nuix Workstation, Imager, Server (9.0 - 9.6 only), RESTful, Investigate and Automation (v9.4 - 9.6).
- Nuix ECC (v9.2 - 9.6)
Nuix takes this issue seriously. Please note the following actions:
1. Nuix Cloud Licensing Service (CLS) has been patched.
2. Nuix Discover SaaS has robust security protocols and monitoring in place which prevent this vulnerability from being exploited.
3. Nuix is currently developing patches for its software stack to remediate this vulnerability. Once the patches have been completed and tested, we will publish these updates on the Nuix Customer Portal.
If you have any questions or concerns, please reach out to us via our support channel or via your Account Manager.
Thank you, Nuix Support"
"We are aware of the Log4j vulnerability issue and are currently investigating any potential impact for Magnet products and services. Our initial investigations indicate that there is no impact to Magnet AXIOM or Magnet AXIOM Cyber. For other Magnet products, we hope to have more information available shortly."
"No part of the software is using this library. So, the software is not affected."
"Log4j is not used in our products."
VFC, MD5 Ltd
"I am pleased to confirm that our VFC software does not use the Apache Log4j library and consequently is not impacted by the recent “Log4Shell” (CVE-2021-44228) vulnerability."
"OpenText has a Log4j Practice Team available to provide advice, guidance, and assistance on assessing and remediating this ongoing threat across your OpenText and wider IT ecosystem. OpenText provides solutions to protect all your IT applications, regardless of where you are in your response plan:
- Vulnerability Testing and Penetration Scanning:
Identify exposure and impact that arises from zero-day vulnerabilities, misconfigurations, and improper patch management processes.
- Threat Hunting:
Using threat intelligence, OpenText cybersecurity experts look for suspicious activities and assess any anomalies - non-human patterns, spikes of activity outside normal business hours and other red flags – to catch threat actors or insider threats.
- Incident Response:
Delivered by the OpenText Digital Forensics and Incident Response (“DFIR”) team, the objective is to respond to a security incident by determining the root cause, containing the threat, identifying & preserving all evidence, eradicating the threat, and assisting with controlled remediation.
- Managed Detection and Response (MDR):
Receive the detection and alerting needed to identify threats and provide rapid response to isolate and remediate in minutes not days."