Security Bulletin - Apache Log4j Library Vulnerability aka Logjam

Follow

Security Bulletin – Dec 14, 2021

Apache Log4j Library Critical Remote Code Execution Vulnerability

CVE-2021-4422 aka “Logjam”

 

The NIST has published notice of a critical vulnerability in software that utilizes the Apache log4j library version 2.14.1 or earlier. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

 

While the RSS and RAS suites do not utilize the affected library, the WebRSM software included with RSS up to and including version 9.1 is affected.

 

Rimage recommends taking the steps below to eliminate this attack vector:

  • If possible, update your RSS software to 9.4.x.
  • Uninstall the WebRSM software if it is currently installed.

If you have questions or require support on this topic, please contact Rimage Technical Support for assistance.

Email: support@rimage.com

Phone:                  Americas:    +1-800-553-8312 #2
                             Europe:       +49 6074.8521 – 14

 

 

More details and ongoing updates on this issue can be found at the NIST link below.
https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request