{"id":26769,"date":"2021-12-10T14:35:10","date_gmt":"2021-12-10T14:35:10","guid":{"rendered":"https:\/\/www.n-able.com\/?page_id=26769"},"modified":"2021-12-22T16:23:33","modified_gmt":"2021-12-22T16:23:33","slug":"apache-log4j-vulnerability","status":"publish","type":"page","link":"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability","title":{"rendered":"Apache Log4j Vulnerability"},"content":{"rendered":"<p class=\"font-italic\" style=\"font-size: 12px !important;\">Last updated: December 22, 2021<\/p>\n<p>As you may know, a vulnerability within the Apache Log4j tool was identified on Friday, December 10, 2021 \u2013 tracked as  <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228\" target=\"_blank\" rel=\"noopener\">CVE-2021-44228<\/a>. Log4j is a logging framework created by Apache and used widely across the internet. Many, many services are potentially vulnerable to this exploit. <\/p>\n<p>Our Security, Engineering and DevOps teams, under the direction of our CSO, conducted a full impact assessment once the vulnerability was initially identified December 10 and found no evidence of successful exploitation. In addition, our internal Red Team completed a deep analysis of our code as well as testing.<\/p>\n<p>Since then, the Apache Software Foundation (ASF) has rolled out additional updates to address <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-45105\" target=\"_blank\" rel=\"noopener\">CVE-2021-45105<\/a> and <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-45046\" target=\"_blank\" rel=\"noopener\">CVE-2021-45046<\/a>. In response, N&#8209;able engineers have removed the log4j package from the RMM platform. RMM is no longer at risk from this vulnerability or any potential future log4j vulnerabilities. Risk Intelligence deployed appropriate patches as of 4 a.m. EST December 21, 2021.<\/p>\n<p>N&#8209;able can confirm there are <strong>no vulnerabilities in these products<\/strong>, as they do not utilize a vulnerable version of Apache Log4j or they may not utilize Apache Log4j at all: <\/p>\n<div class=\"content fontsize--sml\">\n<ul>\n<li>*N&#8209;central <\/li>\n<li>Backup<\/li>\n<li>Mail Assure <\/li>\n<li>MSP Manager <\/li>\n<li>Passportal <\/li>\n<li>N&#8209;able Service Desk<\/li>\n<li>SpamExperts <\/li>\n<li>SSO<\/li>\n<li>Take Control<\/li>\n<\/ul>\n<\/div>\n<p>* It was initially believed that N&#8209;central may have utilized a vulnerable version of Apache Log4j. After further investigation, it was determined that <strong>N&#8209;central was not vulnerable<\/strong> because N&#8209;central only utilizes the Log4j-API component, and not the Log4j-core component. We apologize for any confusion.<\/p>\n<p>Our teams have not found any active exploits of this vulnerability, are confident in the safe use of N&#8209;able products and don\u2019t recommend taking any N&#8209;able services offline.   Our hosted RMM instances are architected behind a Web Application Firewall, which is configured to proactively prevent attacks against our systems.<\/p>\n<p>This potential vulnerability remains a top priority for our Security, Engineering and DevOps teams. We continue to monitor for any developments with this evolving industry-wide risk and will re-evaluate for exposure as necessary. Thank you for your continued patience and understanding.<\/p>\n<h3>Additional links<\/h3>\n<div class=\"content fontsize--sml\">\n<ul>\n<li>CVE: <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228\" target=\"_blank\" rel=\"noopener\">https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228<\/a><\/li>\n<li><a href=\"\/blog\/questions-to-ask-your-customers-before-next-vulnerability\">The questions to ask your customers before the next software vulnerability<\/a><\/li>\n<li><a href=\"https:\/\/me.n-able.com\/s\/article\/Log4j-Vulnerability-Scanner-CVE-2021-44228-RMM\" target=\"_blank\" rel=\"noopener\">Log4j Vulnerability Scanner<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Last updated: December 22, 2021 As you may know, a vulnerability within the Apache Log4j tool was identified on Friday, December 10, 2021 \u2013 tracked as CVE-2021-44228. Log4j is a&#8230;<\/p>\n","protected":false},"author":5,"featured_media":0,"parent":22989,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-template-document.php","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-26769","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Apache Log4j Vulnerability - N-able<\/title>\n<meta name=\"description\" content=\"A vulnerability within the Apache Log4j tool has been identified - tracked as CVE-2021-44228. We are actively assessing the potential impact to N-able products.\" \/>\n<meta name=\"robots\" content=\"noindex, nofollow\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apache Log4j Vulnerability - N-able\" \/>\n<meta property=\"og:description\" content=\"A vulnerability within the Apache Log4j tool has been identified - tracked as CVE-2021-44228. We are actively assessing the potential impact to N-able products.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-22T16:23:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data1\" content=\"1\u00a0Minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability\",\"url\":\"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability\",\"name\":\"Apache Log4j Vulnerability - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de#website\"},\"datePublished\":\"2021-12-10T14:35:10+00:00\",\"dateModified\":\"2021-12-22T16:23:33+00:00\",\"description\":\"A vulnerability within the Apache Log4j tool has been identified - tracked as CVE-2021-44228. We are actively assessing the potential impact to N-able products.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security and privacy\",\"item\":\"https:\/\/www.n-able.com\/de\/trust-center\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apache Log4j Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/de#website\",\"url\":\"https:\/\/www.n-able.com\/de\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/de?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/de#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/de\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Apache Log4j Vulnerability - N-able","description":"A vulnerability within the Apache Log4j tool has been identified - tracked as CVE-2021-44228. We are actively assessing the potential impact to N-able products.","robots":{"index":"noindex","follow":"nofollow"},"og_locale":"de_DE","og_type":"article","og_title":"Apache Log4j Vulnerability - N-able","og_description":"A vulnerability within the Apache Log4j tool has been identified - tracked as CVE-2021-44228. We are actively assessing the potential impact to N-able products.","og_url":"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_modified_time":"2021-12-22T16:23:33+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@Nable","twitter_misc":{"Gesch\u00e4tzte Lesezeit":"1\u00a0Minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability","url":"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability","name":"Apache Log4j Vulnerability - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/de#website"},"datePublished":"2021-12-10T14:35:10+00:00","dateModified":"2021-12-22T16:23:33+00:00","description":"A vulnerability within the Apache Log4j tool has been identified - tracked as CVE-2021-44228. We are actively assessing the potential impact to N-able products.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/de\/trust-center\/apache-log4j-vulnerability#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security and privacy","item":"https:\/\/www.n-able.com\/de\/trust-center"},{"@type":"ListItem","position":2,"name":"Apache Log4j Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/de#website","url":"https:\/\/www.n-able.com\/de","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/de?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/de#organization","name":"N-able","url":"https:\/\/www.n-able.com\/de","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/pages\/26769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/comments?post=26769"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/pages\/26769\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/pages\/22989"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/media?parent=26769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}