Change log
December 14th: First edition
December 15th: Added manufacturers and products that we were able to ascertain, and listed products whose status was changed as a result of the investigation.
December 16th:
Jfrog Vision / Ivanti MobileIron / Mandiant Mandiant Security Validation / Menlo Security products / Radware Alteon, AppDirector, LinkProof / Barracuda Networks Email Security Gateway, Message Archiver, Cloud Protection Layer / Microsoft RiskIQ products / Okta products have been newly added to the table in 1).
RiskIQ - Digital Footprint by Microsoft / Mandiant Security Validation by Mandiant have been newly added to the table in 2).
In addition, for the table in 1), changed the status of Imperva's Cloud WAF to "not applicable", corrected the error in the status of McAfee's ATD, changed the reference URL of each Proofpoint product, changed the status of Insider Threat Management SaaS, added v4.1 to the relevant versions of SECUREMATRIX products, and changed the status of Broadcom Secure Access Cloud (SAC) to "fixed".
In the table of 2), the wording about the security function in Jfrog Vision was corrected.
December 20th:
GitHub's product group has been newly added to the table in 1). In addition, the status of Broadcom's Intelligence Services / WebFilter / WebPulse has been changed to "Fixed" for the table in 1).
December 22nd:
Additions/updates to Table 1): HPE products, Palo Alto Networks Prisma Cloud, and OpenText products have been added. The status of Broadcom Web Isolation Cloud has been changed to "Fixed", Intelligence Services to "Not Applicable", and Web Isolation On-premise to "Applicable".
Additions/updates to Table 2): Palo Alto Networks Prisma Cloud has been added.
Introduction
We have summarized the response status of the products we handle with regard to the Log4j vulnerability (CVE-2021-44228) reported on December 10, 2021 (Japan time). This page covers the following two points.
1) Whether the products handled fall under the vulnerability
2) Security functions provided by products handled
* This page will be updated whenever new information is obtained.
Details of the vulnerability have been reported by various organizations and security companies, including JPCERT/CC (https://www.jpcert.or.jp/at/2021/at210050.html), so please refer to those reports; the details are omitted on this page.
1) Whether the products handled fall under the vulnerability
Only products whose status has been officially announced at this time, or whose current status our company has confirmed with the manufacturer, are listed.
In some cases, manufacturers have also made official announcements on their support pages.
Where this page shows a product as under investigation, more accurate information may be available from the manufacturer, so please refer to the manufacturer's information as well.
manufacturer | product name | Confirmed status | Manufacturer's information page |
Adaptive Shield | | Not applicable | |
Barracuda | Email Security Gateway, Message Archiver, Cloud Protection Layer | Not applicable | https://www.barracuda.co.jp/log4j-cve-2021-44228/ |
Box | | Remedied | https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228 |
Broadcom | Symantec Endpoint Protection (SEP) Agent | Not applicable | https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 |
Broadcom | Symantec Endpoint Protection Manager (SEPM) (v14.2 or later) | Applicable | https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 Currently SEPM 14.2 and newer are affected. It can be confirmed that the vulnerability is mitigated by changing the environment variables. For how to change, please refer to the procedure in the following knowledge. https://knowledge.broadcom.com/external/article?articleId=230359 |
Broadcom | Web Security Service (WSS) | Remedied | https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 |
Broadcom | Advanced Secure Gateway (ASG), BCAAA, CloudSOC Cloud Access Security Broker (CASB), Content Analysis (CA), Integrated Secure Gateway (ISG), PacketShaper (PS) S-Series, ProxySG, Reporter, Security Analytics (SA), SSL Visibility (SSLV), Management Center (MC), Intelligence Services / WebFilter / WebPulse | Not applicable | https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 |
Broadcom | Web Isolation (WI) On-premise | Applicable | Workaround: Apply patch. Please refer to the manufacturer KB below and apply the patch. If you are unable to download the patch, please contact us so that we can send it to you. https://knowledge.broadcom.com/external/article?articleId=230812 |
Cato Networks | | Not applicable | https://www.catonetworks.com/blog/cato-networks-rapid-response-to-the-apache-log4j-remote-code-execution-vulnerability/ |
Citrix | NetScaler (MPX, VPX, SDX, SD-WAN) | Not applicable | https://support.citrix.com/article/CTX335705 |
CrowdStrike | Falcon | Remedied | https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=74&type=others&issue_id=14440 For more information, please refer to our support site link above. |
CyberArk | Privilege Threat Analytics (all versions), Remote Access Connector (Alero Connector) (all versions) | Applicable | https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=107&type=others&issue_id=14425 For information on how to deal with this, please refer to the link on our support site above. |
Exabeam | All products | investigating | https://community.exabeam.com/s/question/0D53l00006tRaXhCAK/apache-log4j-vulnerability-exabeam-response *Login required For more information, please refer to the Exabeam link above. |
F5 | Shape Enterprise Defense | Remedied | |
FireEye | FireEye Email security Cloud Edition | investigating | https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=59&type=others&issue_id=14445 For more information, please refer to our support site link above. |
FireEye | FireEye Helix | investigating | https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=59&type=others&issue_id=14445 For more information, please refer to our support site link above. |
FireEye | others | Not applicable | |
Forescout | eyeSight, eyeControl | Applicable | https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 *Login required Information on mitigation procedures is provided at the above URL. |
Forescout | eyeInspect | Not applicable | https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 *Login required |
Gemini Data | Gemini Appliance | Not applicable | |
Gigamon | GigaVUE-FM | Applicable | https://gigamoncp.force.com/gigamoncp/s/article/Are-Gigamon-products-affected-by-CVE-2021-44228 *Login required https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=76&type=product&issue_id=14453 Please refer to our support site above for how to deal with it. |
Gigamon | GigaVUE-OS, GTAP-A, GigaVUE-VM, GigaVUE V Series Node | Not applicable | https://gigamoncp.force.com/gigamoncp/s/article/Are-Gigamon-products-affected-by-CVE-2021-44228 *Login required |
GitHub | GitHub Enterprise Cloud | Remedied | https://github.blog/jp/2021-12-14-githubs-response-to-log4j-vulnerability-cve-2021-44228/ |
GitHub | GitHub Enterprise Server | Applicable | https://github.blog/jp/2021-12-14-githubs-response-to-log4j-vulnerability-cve-2021-44228/ Workaround: |
HPE | Aruba | Not applicable | |
HPE | Aruba EdgeConnect | Not applicable | |
HPE | Silver Peak Cloud Orchestrator (all products) | Applicable | https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=109&type=tech&issue_id=14437 Workaround: Orchestrator version upgrade |
Imperva | On-prem WAF | Not applicable | |
Imperva | CloudWAF | Not applicable | |
Infoblox | NIOS, BloxOne | Not applicable | |
Ivanti | MobileIron Core (all versions), MobileIron Sentry (9.13+) | Applicable | https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US |
Ivanti | Pulse Secure | Not applicable | https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR |
Jfrog | Vision | Not applicable | https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ |
Mandiant | Mandiant Security Validation | Not applicable | http://cs-notices.fireeye.com/e/484561/cve-CVE-2021-44228/hwblfv/380504367?h=wmzBZ0VraWY-2x7-gfz_MIY4EHe6GFto-BkoAa59O1Q *Login required |
McAfee | NSP, NSM | Not applicable | https://kc.mcafee.com/agent/index?page=content&id=SB10377 *Login required |
McAfee | McAfee Web Gateway (8.x - 8.2.21 or newer, 9.x - 9.2.12 or newer, 10.x - 10.2.0 or newer, 11.x - 11.0 or newer) | Applicable | https://kc.mcafee.com/agent/index?page=content&id=SB10377 *Login required * We use a Java version that prevents remote code execution from LDAP, reducing the risk of vulnerabilities. |
McAfee | McAfee Active Response (MAR) Cloud, MVISION Cloud, McAfee Web Gateway Cloud Service, MVISION EDR, MVISION ePO, MVISION UCE | Applicable | https://kc.mcafee.com/agent/index?page=content&id=SB10377 *Login required |
McAfee | ePolicy Orchestrator Application Server (5.10 CU11) | Applicable | https://kc.mcafee.com/agent/index?page=content&id=SB10377 *Login required * ePolicy Orchestrator Application Server 5.10 CU10 and earlier versions are not applicable. |
McAfee | ATD | Not applicable | https://kc.mcafee.com/agent/index?page=content&id=SB10377 *Login required |
McAfee | Enterprise Security Manager (SIEM) | Applicable | https://kc.mcafee.com/agent/index?page=content&id=SB10377 *Login required |
Menlo Security | All products | Acknowledged | https://www.menlosecurity.com/blog/menlos-response-to-log4j-vulnerability-cve-2021-44228/ Work is continuing on the remaining nodes that use Log4j and pose a lower risk. |
Microsoft | RiskIQ | investigating | English version: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ Japanese version: https://msrc-blog.microsoft.com/2021/12/12/microsofts-response-to-cve-2021-44228-apache-log4j2-jp/ For more information, please refer to the Microsoft link above (updated from time to time). |
Okta | Okta RADIUS Server Agent | Applicable | https://sec.okta.com/articles/2021/12/log4shell |
Okta | Okta On-Prem MFA Agent | Applicable | https://sec.okta.com/articles/2021/12/log4shell |
Okta | others | investigating | https://sec.okta.com/articles/2021/12/log4shell * There are products under investigation and many products that do not apply. For details, please check the Okta page above (updated from time to time). |
OpenText | Exceed, Exceed Option, Exceed on Demand, Exceed TurboX, SOCKS Client, NFS Solo | Not applicable | Not affected by this vulnerability. https://www.opentext.com/support/log4j-remote-code-execution-advisory |
Palo Alto Networks | Prisma Cloud (formerly Twistlock) | Not applicable | https://security.paloaltonetworks.com/CVE-2021-44228 |
Ping Identity | | investigating | https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 This applies to some products of Ping Identity. Information on mitigation procedures is provided at the above URL. |
Proofpoint | Insider Threat Management SaaS | Remedied | https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability |
Proofpoint | Insider Threat Management On-prem | Not applicable | https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability |
Proofpoint | Email Protection on Demand (PoD) | Remedied | https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability |
Proofpoint | Targeted Attack Protection (TAP) | Not applicable | https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability |
Proofpoint | Security Awareness Training | Remedied | https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability |
Proofpoint | Email Fraud Defense (EFD) | Not applicable | https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability |
Radware | Alteon (33.x, 32.x, 31.x, 30.x, 29.x) | Not applicable | |
Radware | AppDirector | Not applicable | |
Radware | LinkProof | Not applicable | |
SECURE MATRIX | SECUREMATRIX (V4.1, V10~V12) | Applicable | https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=53&type=tech&issue_id=14442 For information on how to deal with this, please refer to our support site above. |
Sift | Digital Trust & Safety Platform | Not applicable | |
Splunk | Splunk Enterprise (Only when using non-Windows environment and Data Fabric Search (DFS)) | Applicable | Splunk official website (updated from time to time) https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html Macnica FAQ (updated from time to time in line with the above) https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=75&type=faq&issue_id=14426 Workaround: Upgrade to a fixed version * For the upgrade procedures, please refer to the Macnica FAQs below. Procedure for upgrading to 8.1 https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=75&type=faq&issue_id=13147 Procedure for upgrading to 8.2 https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=75&type=faq&issue_id=13751 |
Splunk | ITSI (4.5.x, 4.6.x, 4.7.x, 4.8.x, 4.9.x, 4.10.x, 4.11.x); IT Essentials Work (4.9.x, 4.10.x, 4.11.x) | Applicable | Splunk official website (updated from time to time) https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html Macnica FAQ (updated from time to time in line with the above) https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=75&type=faq&issue_id=14426 Workaround: Upgrade to a fixed version |
Splunk | others | Applicable | Splunk official website (updated from time to time) https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html Macnica FAQ (updated from time to time in line with the above) https://www1.macnica.net/CGI/product/support/contents/support_syousai.cgi?pro_ctgry_id=75&type=faq&issue_id=14426 For more details, please refer to the link above. |
TANIUM | | Not applicable | |
Vectra | All products | Not applicable | |
2) Security functions provided by products handled
manufacturer | product name | Security function | Additional information from blogs, etc. |
Cato Networks | | Protects against attack traffic to protected servers. * When the IPS function is enabled | |
CrowdStrike | Falcon | Multiple functions are provided. ・Activity visualization dashboard related to the vulnerability (module name: Insight) ・Vulnerability visualization dashboard (module name: Spotlight) ・Blocking, detection, and continuous monitoring of behavior after vulnerability exploitation (module name: Prevent, Insight, OverWatch) ・Detection of potential attacks using IoA (Indicator of Attack) targeting assets on AWS (module name: Falcon Horizon) ・Addition of IoM (Indicator of Misconfiguration) for AWS for the purpose of countermeasures against this vulnerability (module name: Falcon Horizon) ・Visualization of affected container images (module name: Cloud Workload Protection) ・Report on threat trends (module name: Falcon X) | https://www.crowdstrike.com/blog/log4j2-vulnerability-analysis-and-mitigation-recommendations/ CrowdStrike Holdings, Inc.'s analysis and interim mitigation measures for this vulnerability are described. |
FireEye | HX | OpenIoC is provided by the manufacturer, and it is possible to investigate traces by importing it. | https://github.com/fireeye/CVE-2021-44228 OpenIoC is posted at the above URL. |
FireEye | NX | An alert will be generated with the detection name "CVE-2021-44228" when communication that exploits the vulnerability is detected. | |
Forescout | eyeInspect | By updating the IoC DB, we will detect attacks that exploit the relevant vulnerabilities. | https://www.forescout.com/blog/forescout%E2%80%99s-response-to-cve-2021-44228-apache-log4j-2/ Examples of exploit detection using eyeInspect are described. |
Imperva | On-prem WAF | Protects against attack traffic to protected servers. | https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ The volume of attacks observed by Imperva, observed trends, etc. are described. |
Imperva | CloudWAF | Protects against attack traffic to protected servers. | |
Jfrog | Vision | Corresponding software and vulnerabilities can be detected from firmware and image data. | |
Mandiant | Mandiant Security Validation | Added 23 attack actions using CVE-2021-44228 to validate an organization's defense capabilities. | |
McAfee | NSP | Protects against attack traffic to protected servers. | |
Microsoft | RiskIQ - Digital Footprint | Identify assets that use Java and Apache Servers. * This refers only to items that may be affected by this vulnerability. It is necessary to separately confirm with the person in charge of the asset whether it corresponds to the Apache Log4j vulnerability (CVE-2021-44228). | |
Palo Alto Networks | Prisma Cloud (formerly Twistlock) | It provides the following two functions. ・It can be detected and blocked when it is used in a container image/host. ・It is also possible to detect when a vulnerability attack is received, deny the connection, and take down the container image. | |
TANIUM | | It is possible to use Tanium products to identify affected terminals, provide temporary countermeasures, and confirm attack traces. For details, please refer to the URL in the right column. | https://community.tanium.com/s/article/How-Tanium-Can-Help-with-CVE-2021-44228-Log4Shell Specific investigation methods using Tanium products are described. |
Vectra | Recall | Attack traces can be confirmed using network metadata. | https://www.vectra.ai/blogpost/cve-2021-44228-log4j-zero-day-affecting-the-internet It includes instructions on how to search using the Vectra product, and advice on tagging and grouping clusters using Log4j. |
Please note that although each manufacturer does its best to provide the protections described above, completeness is not guaranteed.