Freigeschaltet am 14. Dezember 2021

Log4j-Schwäche

Am 10. Dezember 2021 wurde die Sicherheitslücke CVE-2021-44228 bekannt gegeben. Diese Sicherheitslücke betrifft das populäre Java-Modul Log4j und ermöglicht es einem Angreifer, möglicherweise die vollständige Kontrolle über den Server zu übernehmen, auf dem der Code läuft.

Anbei halten wir Sie auf dem Laufenden zu den offiziellen Statements der Hersteller. Wir aktualisieren den Inhalt durchgehend.

Zuletzt aktualisiert am 20.01.2022, 15:39

Rampiva

Bitte finden Sie das Statement von Rampiva unter: Information Rampiva

Nuix

"Your organization's security is vitally important to us. There has been a reported vulnerability in third-party software , Apache Log4j (detailed in CVE-2021-44228) which affects versions of Log4j 2.0-beta9 to 2.15. The exposure varies by Nuix software. - Affected Nuix Engine versions are 7.8 to 9.6. This includes Nuix Workstation, Imager, Server (9.0 - 9.6 only), RESTful, Investigate and Automation (v9.4 - 9.6). - Nuix ECC (v9.2 - 9.6) Nuix takes this issue seriously. Please note the following actions:
1. Nuix Cloud Licensing Service (CLS) has been patched .
2. Nuix Discover SaaS has robust security protocols and monitoring in place which prevent this vulnerability from being exploited.
3. Nuix is currently developing patches for its software stack to remediate this vulnerability. Once the patches have been completed and tested, we will publish these updates on the Nuix Customer Portal. If you have any questions or concerns, please reach out to us via our support channel or via your Account Manager. Thank you, Nuix Support"

Magnet

"We are aware of the Log4j vulnerability issue and are currently investigating any potential impact for Magnet products and services. Our initial investigations indicate that there is no impact to Magnet AXIOM or Magnet AXIOM Cyber. For other Magnet products, we hope to have more information available shortly."

Oxygen

"No part of the software is using this library. So, the software is not affected."

Cellebrite

Bitte finden Sie das Statement von Cellebrite unter: Information Cellebrite

Freezingdata

Bitte finden Sie das Statement von Freezingdata unter: Information Freezingdata

GetData

"Log4j is not used in our products."

VFC, MD5 Ltd

"I am pleased to confirm that our VFC software does not use the Apache Log4j library and consequently is not impacted by the recent “Log4Shell” (CVE-2021-44228) vulnerability."

OpenText

"OpenText has a Log4j Practice Team available to provide advice, guidance, and assistance on assessing and remediating this ongoing threat across your OpenText and wider IT ecosystem. OpenText provides solutions to protect all your IT applications, regardless of where you are in your response plan:

  • Vulnerability Testing and Penetration Scanning:
    Identify exposure and impact that arises from zero-day vulnerabilities, miss-configurations, and improper patch management processes.
  • Threat Hunting:
    Using threat intelligence, OpenText cybersecurity experts look for suspicious activities and assess any anomalies - non-human patterns, spikes of activity outside normal business hours and other red flags – to catch threat actors or insider threats.
  • Incident Response:
    Delivered by the OpenText Digital Forensics and Incident Response (“DFIR”) team, the objective is to respond to a security incident by determining the root cause, containing the threat, identifying & preserving all evidence, eradicating the threat, and assisting with controlled remediation.
  • Managed Detection and Response (MDR):
    Receive the detection and alerting needed to identify threats and provide rapid response to isolate and remediate in minutes not days."
Schliessen
Melden Sie sich für unseren Newsletter an:

Kontaktdaten

Bitte wählen Sie Ihren Bereich aus:

Corporate
Private
Law Enforcement
Government

Ich akzeptiere die Datenschutzerklärung

Bitte füllen Sie alle mit einem Stern (*) markierten Pflichtfelder aus.
Bitte geben Sie eine gültige E-Mail-Adresse ein.
Bitte wählen Sie Ihren Bereich aus.
Bitte akzeptieren Sie die Datenschutzerklärung.