Addigy and Apache’s Log4J2 CVE-2021-44228 Status

Nicolas Ponce | 12/12/2021

Addigy is aware of a recently disclosed security issue relating to the open-source Apache “Log4j2” utility (CVE-2021-44228). At the time of writing, Addigy does not use this library or has plans to use this library to provide its core services.

Additionally, Addigy leverages CloudFlare, which has released a new WAF rule to attempt to block Log4j exploit requests.

Our team has confirmed with our upstream vendors that all usage with any third-party tools leveraging Log4j has been remediated and will provide further updates on this page throughout the week.

For additional information, please visit our Addigy Trust Center. If you have additional questions, please contact [email protected]

Thank you for your continued partnership,

Addigy Security Team

 

December 13 2021 @ 1:00 PM US Eastern Update:

A great compiled list of vendor status is below:

https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

Recommended reading for confirming vulnerability remediation:

https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/ 

Splashtop for RMM:

In response to your concern regarding the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j, in our investigation so far, we confirm that Splashtop is NOT vulnerable to this exploit, given the fact that the three main components of Splashtop servers do not use it to write logs.

To put the matter into perspective, here are the three main components:

Backend system – Java wasn’t used

API servers – Java wasn’t used

Relay servers – this module wasn’t used to write logs

As Splashtop and the industry at large continue to gain a deeper understanding of the impact of this threat, we will update the user with further information as they become available.

Splashtop thank you for your patience and continued support.

Regards,

Splashtop Business Support Team

Monitoring and Alerting Java on macOS Devices:

Addigy has default facts that can help you identify devices Java Version and Java Vendor:

You can find these facts in the Devices page as `Java Vendor` and `Java Version`:

You can build monitoring items to detect if Java is installed and alert you to take action:

Related Posts

Growing organizations and businesses must overcome numerous challenges associated with scaling their needs. This process includes regularly recruiting and hiring new employees, in addition to keeping up with the technology requirements of those new staff members. Whether you want to […]
Today’s IT managers and admins have a lot of boxes to check if they want to help an organization grow and scale. Managing devices, employee credentials and identification, and security processes are top priorities for enterprise business. With Apple ID […]
Keeping track of IT and technological assets within an organization is a huge undertaking, particularly as the digital world continually expands. While every workplace is unique in its approach to operations, most businesses want to keep tabs on essential things […]