Addigy and Apache’s Log4J2 CVE-2021-44228 Status
Addigy is aware of a recently disclosed security issue relating to the open-source Apache “Log4j2” utility (CVE-2021-44228). At the time of writing, Addigy does not use this library or has plans to use this library to provide its core services.
Additionally, Addigy leverages CloudFlare, which has released a new WAF rule to attempt to block Log4j exploit requests.
Our team has confirmed with our upstream vendors that all usage with any third-party tools leveraging Log4j has been remediated and will provide further updates on this page throughout the week.
Thank you for your continued partnership,
Addigy Security Team
December 13 2021 @ 1:00 PM US Eastern Update:
A great compiled list of vendor status is below:
Recommended reading for confirming vulnerability remediation:
Splashtop for RMM:
In response to your concern regarding the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j, in our investigation so far, we confirm that Splashtop is NOT vulnerable to this exploit, given the fact that the three main components of Splashtop servers do not use it to write logs.
To put the matter into perspective, here are the three main components:
Backend system – Java wasn’t used
API servers – Java wasn’t used
Relay servers – this module wasn’t used to write logs
As Splashtop and the industry at large continue to gain a deeper understanding of the impact of this threat, we will update the user with further information as they become available.
Splashtop thank you for your patience and continued support.
Splashtop Business Support Team
Monitoring and Alerting Java on macOS Devices:
Addigy has default facts that can help you identify devices Java Version and Java Vendor:
You can find these facts in the Devices page as `Java Vendor` and `Java Version`:
You can build monitoring items to detect if Java is installed and alert you to take action: