Absolute Security

Last updated : 12-23-2021 11.30 AM PST

Update to Absolute’s response to Apache Log4j2 CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-4104

Absolute is actively responding to the reported remote code execution vulnerability in the Apache Log4j2 Java library dubbed Log4Shell (or LogJam). We have investigated and taken action for the Absolute Visibility, Control and Resilience products that utilize Log4j2. No other Absolute or NetMotion products are impacted.

Products Not Impacted

All versions of NetMotion Mobility, NetMotion Mobile IQ, and NetMotion Diagnostics, including those recently sold under the names NetMotion Core or NetMotion Complete are not subject to any of these vulnerabilities.

Products Remediated

Absolute’s services in its Canadian, US, and EU Data Centers that deliver the affected Visibility, Control, and Resilience products have been updated to use the latest version (2.17.0) of Log4j2. This version includes fixes for CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. We have also deployed firewall configurations to prevent these bugs or other similar bugs from being triggered and enhanced our monitoring for these and similar attacks.

We continue to closely monitor the Apache Software Foundation’s response to log4J2 vulnerabilities and will take further steps as needed.

We also realize that supply chains are a critical component in addressing vulnerabilities. Absolute’s operational teams have been monitoring and contacting all 3rd party SaaS vendors we work with and ensuring they address any exposure they might have.

For additional technical information and further updates, please visit the Absolute Community.

Appendix – Overview of CVEs

CVE Absolute's response
https://nvd.nist.gov/vuln/detail/CVE-2021-44228 This has been remediated in Absolute’s Visibility, Control and Resilience products
https://nvd.nist.gov/vuln/detail/CVE-2021-45046 The remediation steps put in place for CVE-2021-44228 effectively protect Absolute’s Visibility, Control and Resilience products against this attack
https://nvd.nist.gov/vuln/detail/CVE-2021-45105 The remediation steps put in place for CVE-2021-44228 effectively protect Absolute’s Visibility, Control and Resilience products against this attack
https://nvd.nist.gov/vuln/detail/CVE-2021-4104 Absolute’s Visibility, Control and Resilience products are not vulnerable to this issue
Financial Services