CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-4104
Update to Absolute’s response to Apache Log4j2
Last updated: Dec 23, 2021
Absolute is actively responding to the reported remote code execution vulnerability in the Apache Log4j2 Java library dubbed Log4Shell (or LogJam). We have investigated and taken action for the Absolute Visibility, Control and Resilience products that utilize Log4j2. No other Absolute or NetMotion products are impacted.
Products Not Impacted
All versions of NetMotion Mobility, NetMotion Mobile IQ, and NetMotion Diagnostics, including those recently sold under the names NetMotion Core or NetMotion Complete are not subject to any of these vulnerabilities.
Absolute’s services in its Canadian, US, and EU Data Centers that deliver the affected Visibility, Control, and Resilience products have been updated to use the latest version (2.17.0) of Log4j2. This version includes fixes for CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. We have also deployed firewall configurations to prevent these bugs or other similar bugs from being triggered and enhanced our monitoring for these and similar attacks.
We continue to closely monitor the Apache Software Foundation’s response to log4J2 vulnerabilities and will take further steps as needed.
We also realize that supply chains are a critical component in addressing vulnerabilities. Absolute’s operational teams have been monitoring and contacting all 3rd party SaaS vendors we work with and ensuring they address any exposure they might have.
For additional technical information and further updates, please visit the Absolute Community.
Appendix – Overview of CVEs
|https://nvd.nist.gov/vuln/detail/CVE-2021-44228||This has been remediated in Absolute’s Visibility, Control and Resilience products|
|https://nvd.nist.gov/vuln/detail/CVE-2021-45046||The remediation steps put in place for CVE-2021-44228 effectively protect Absolute’s Visibility, Control and Resilience products against this attack|
|https://nvd.nist.gov/vuln/detail/CVE-2021-45105||The remediation steps put in place for CVE-2021-44228 effectively protect Absolute’s Visibility, Control and Resilience products against this attack|
|https://nvd.nist.gov/vuln/detail/CVE-2021-4104||Absolute’s Visibility, Control and Resilience products are not vulnerable to this issue|