The Effects of Log4j 2

The Effects of Log4j 2

We operate in a complex environment, continuously surrounded by potential threats and we always need to be on alert to act fast enough. Cyber security is a team game and as a responsible player we keep an open climate where we share vulnerabilities and learn from each other, especially when we are dealing with new vulnerabilities like the Log4Shell vulnerability in Log4J 2.  

The Apache Log4j 2 utility is an open-source Apache framework that is a commonly used component for logging requests. Recently a vulnerability was reported allowing an attacker to execute arbitrary code on the vulnerable server, putting widely used applications and cloud services at risk. Log4j 2 is a popular Java logging framework developed by the Apache Software Foundation and used in Clavister’s Identity and Access Management (IAM) products – EasyAccess, EasyPassword and InCenter.  

The vulnerability, CVE-2021-44228, is considered a critical flaw, and it has a base CVSS score of 10, which is the highest possible severity rating. As a result, Clavister issued a Security Advisory on Monday, December 13th, https://www.clavister.com/advisories/security/clav-sa-0297-high-severity-vulnerability-in-apache-log4j2. To not be susceptible to this vulnerability, Clavister has provided remediation information and security patches to all our partners and customers. Our Knowledge Base have been updated with articles to guide partners and customers on both how to mitigate the problem in the above-mentioned products and how to protect and detect attempts to exploit the vulnerability in other products as well. 

Clavister has a wide range of security offerings as part of the Aurora portfolio, providing holistic solutions for cyber security. It is worth mentioning here that none of our other products are affected by this vulnerability. In fact, our Next Generation Firewall (NGFW) product, NetWall, is preventing the vulnerability from being exploited. NetWall is built on an in-house developed cOS Core, unlike many competitive products, which becomes a major strength in times like this as Clavister can offer a greater protection against cyber-attacks while avoiding third party vulnerabilities.  

In summary, these products are NOT affected: 

  • Clavister NetWall (cOS Core) 
  • Clavister NetShield (cOS Stream) 
  • Clavister InControl (cOS Core)
  • Clavister OneConnect (cOS Core)

We continuously monitor the situation and are updating the advisory as more information gets available.

For more information about Clavister’s Products, please see: 
https://www.clavister.com/products/

For more information or media inquiries contact:
Clavister Media Relations: media@clavister.com