Skip to main content
Redstor.com
Note: Microsoft Single Sign On is no longer available. For more information click here

1377 - Log4Shell vulnerability

Adam Flood
  • Updated
    Tags:
  • Storage Platform
  • Updates
  • Vulnerability

Background

A critical vulnerability known as "Log4Shell" has been found in the Log4j Java library. Details can be found here. A subsequent vulnerability has also been discovered, as documented here.

 

Mitigation

The Log4Shell and related vulnerabilities apply only to Log4j v2 and above, and affected only an internal component of Redstor's backend Data Management Platform that is not publicly exposed to the Internet. This has already been mitigated by upgrading to Log4j v2.17.0.

Log4j is also used on the SE and ESE agents, but these utilise versions that are not affected by Log4Shell. Details can be found here.

Note: Other Redstor software, including the AccountServer and StorageServer, is not written in Java so does not use Log4j, and therefore does not require mitigation.

Related articles

Comments

0 comments

Article is closed for comments.