Devo Security Advisory for Apache Log4j

default_image

Devo

, , , , , , , , ,
Reading Time : 2min read
Devo Advisory ID: Devo-2021-fz91vh

Severity: Critical

Published: 2021-12-17 13:00 GMT

Updated: –

 CVSSv3 Score: 10

CVE-2021-44228

CVE-2021-45046

Context: A third-party vulnerability was discovered on December 9, 2021 in the Apache Log4j Library whereby a critical remote code execution may be possible. All systems using the Log4j library version from 2.0-beta 9 to 2.15.0 are considered vulnerable. 

Summary

Investigation

At this time, all the Devo products in the different cloud environments have been investigated for potential log4j vulnerabilities using both manual and automated checks. 

Impacted Cloud Environments

The following Devo cloud environments have been upgraded to Log4j 2.16.0 as of December 17, 2021:

  • us.devo.com
  • eu.devo.com
  • ca.devo.com

Impacted Cloud Products

The following Devo products have been upgraded to Log4j 2.16.0 as of December 17, 2021:

  • Devo Platform up to 7.7.2 and fixed in 7.8.0
  • Devo Flow 1.4.0 fixed in 1.4.1

Impacted Cloud Services

The following Devo cloud services have been upgraded to Log4j 2.16.0 as of December 17, 2021:

  • Correlation – log4j component has been upgraded from 2.11.2 to 2.16
  • Query Engine – log4j component has been upgraded from 2.11.2 to 2.16
  • Search UI – log4j component has been upgraded from 2.11.2 to 2.16
  • Data Persistence – log4j component has been upgraded from 2.11.2 to 2.16
  • Web UI – log4j component has been upgraded from 2.11.2 to 2.16
  • ActiveBoards – log4j component has been upgraded from 2.11.2 to 2.16
  • Security Operations – log4j  8 of 9 components have been upgraded from 2.11.2 to 2.16, one subservice has been mitigated.

Confirmed Non-Impacted Cloud Products

As part of our investigation, we’ve determined the following products are not impacted by CVE-2021-44228:

  • Devo Relay
  • Devo Service Operations
  • Devo Endpoint Agent & Manager
  • Devo Stats
  • Devo Collection Server

Other Information

As our investigation continues we will continue to update this advisory.

Additionally, to assist your independent investigations to potentially uncover targeted abuse of the log4j vulnerability or exploitation across your enterprise, we recommend that you read the blog post written by the Devo Security Research Team: 

https://www.devo.com/detection-of-log4shell-vulnerability-and-exploitation-with-devo/

 

 

You Might Also Be Interested in

August 3, 2021

XDR Security: Why Successful XDR Is Driven by Data and Security Analytics

loggingdatasecurity analyticsendpoint detection and responseEDRXDRMXDROptivextended detection and responseMDRmanaged detection and response
default_image

Chris O’Brien
February 16, 2022

Introducing Devo Cloud Security Monitoring Detections

security operationsSOCcybersecuritySIEMcloud securityamazon web servicesAWS
default_image

Mike Lyons
February 22, 2022

Devo Channel Chief on the Company’s Success, Making the CRN Security 100, and What’s Ahead

SOCdatacybersecuritysecurity analyticscloud securitychannel partnersCRNChannel ChiefCRN Cloud 100partners
default_image

Gary Pelczar
October 11, 2022

2022 Devo SOC Performance Report: Familiar Challenges Facing Security Workers

security operationssecurity operations centerSOCSOC analystcybersecuritysurveySOC teamsSOC toolsSOC analyst pain
default_image

Devo

Ready to release the full potential of your security data?

Request a Demo Let’s Chat