Skip to main content

Hello LogPoint Support / LogPoint Community,

regarding the news about the log4j 2 CVE-2021-44228, I’ve been wondering whether log4j Version 2 is in use in the LogPoint Core SIEM or other parts of your product suite.

Could you please evaluate this and inform us partners and customers about the probable impact of this CVE?

Thanks so much in advance,

Tobias Weidemann

Hi Tobias,

 

We are currently working on an official response to Log4js  - we expect it out later today.

Once done, we will inform all Customers and Partners via a newsletter and also publish the information here on the Community,


The response from Logpoint regarding this is way to slow.

What I have found, is that Logpoint uses version 1.2.16 of log4j, located at /opt/immune/installed/java/dependencies:

 

zcat ./log4j-1.2.16.jar
Manifest-Version: 1.0
Export-Package: org.apache.log4j.net;uses:="org.apache.log4j,org.apach
 e.log4j.spi,javax.naming,org.apache.log4j.helpers,javax.jms,org.apach
 e.log4j.xml,javax.mail,javax.mail.internet,org.w3c.dom,javax.jmdns",o
 rg.apache.log4j.jmx;uses:="org.apache.log4j,javax.management,com.sun.
 jdmk.comm,org.apache.log4j.helpers,org.apache.log4j.spi",org.apache.l
 og4j.jdbc;uses:="org.apache.log4j,org.apache.log4j.spi",org.apache.lo
 g4j.config;uses:="org.apache.log4j.helpers,org.apache.log4j,org.apach
 e.log4j.spi",org.apache.log4j.helpers;uses:="org.apache.log4j,org.apa
 che.log4j.spi,org.apache.log4j.pattern",org.apache.log4j;uses:="org.a
 pache.log4j.spi,org.apache.log4j.helpers,org.apache.log4j.pattern,org
 .apache.log4j.or,org.apache.log4j.config",org.apache.log4j.or.jms;use
 s:="org.apache.log4j.helpers,javax.jms,org.apache.log4j.or",org.apach
 e.log4j.nt;uses:="org.apache.log4j.helpers,org.apache.log4j,org.apach
 e.log4j.spi",org.apache.log4j.or.sax;uses:="org.apache.log4j.or,org.x
 ml.sax",org.apache.log4j.pattern;uses:="org.apache.log4j.helpers,org.
 apache.log4j.spi,org.apache.log4j,org.apache.log4j.or",org.apache.log
 4j.spi;uses:="org.apache.log4j,org.apache.log4j.helpers,com.ibm.uvm.t
 ools,org.apache.log4j.or",org.apache.log4j.or;uses:="org.apache.log4j
 .helpers,org.apache.log4j.spi,org.apache.log4j",org.apache.log4j.xml;
 uses:="javax.xml.parsers,org.w3c.dom,org.xml.sax,org.apache.log4j.con
 fig,org.apache.log4j.helpers,org.apache.log4j,org.apache.log4j.spi,or
 g.apache.log4j.or",org.apache.log4j.varia;uses:="org.apache.log4j.spi
 ,org.apache.log4j,org.apache.log4j.helpers"
Built-By: curta
Tool: Bnd-0.0.357
Bundle-Name: Apache Log4j
Created-By: Apache Maven Bundle Plugin
Bundle-Vendor: Apache Software Foundation
Build-Jdk: 1.6.0_16
Bundle-Version: 1.2.16
Bnd-LastModified: 1270009535003
Bundle-ManifestVersion: 2
Bundle-Description: Apache Log4j 1.2
Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt
Bundle-DocURL: http://logging.apache.org/log4j/1.2
Bundle-SymbolicName: log4j
Import-Package: com.ibm.uvm.tools;resolution:=optional,com.sun.jdmk.co
 mm;resolution:=optional,com.sun.jdmk.comm;resolution:=optional,javax.
 jmdns,javax.jms;resolution:=optional,javax.mail;resolution:=optional,
 javax.mail.internet;resolution:=optional,javax.management;resolution:
 =optional,javax.naming;resolution:=optional,javax.swing;resolution:=o
 ptional,javax.swing.border;resolution:=optional,javax.swing.event;res
 olution:=optional,javax.swing.table;resolution:=optional,javax.swing.
 text;resolution:=optional,javax.swing.tree;resolution:=optional,javax
 .xml.parsers,org.apache.log4j,org.apache.log4j.config,org.apache.log4
 j.helpers,org.apache.log4j.jdbc,org.apache.log4j.jmx,org.apache.log4j
 .net,org.apache.log4j.nt,org.apache.log4j.or,org.apache.log4j.or.jms,
 org.apache.log4j.or.sax,org.apache.log4j.pattern,org.apache.log4j.spi
 ,org.apache.log4j.varia,org.apache.log4j.xml,org.w3c.dom,org.xml.sax,
 org.xml.sax.helpers

Name: org.apache.log4j
Implementation-Vendor: "Apache Software Foundation"
Implementation-Title: log4j
Implementation-Version: 1.2.16
 


Here you find the answer - a Blog-Post will also be on LogPoint.com later this evening.

 

Background:

As you have heard, a critical remote code execution vulnerability (CVE-2021-44228), also known as Log4Shell, was discovered, which affects Apache Log4j versions 2.0-2.14.1. Log4j is a popular logging library in Java and is used in several enterprise applications, including LogPoint products.

 

Vulnerability status of LogPoint products

At this time, we have determined that no LogPoint products are affected by the vulnerability.

For detailed information about the vulnerability status of each LogPoint product, please consult the table below. If you have any questions about the vulnerability, please contact your LogPoint Support or LogPoint Community.

 

Details of vulnerability by LogPoint product

 

Product

Vulnerable?

Reason

LogPoint 6.12.2

Not affected

Log4J v 1.2 used

Previous LogPoint versions

Not affected

Previous versions used

UEBA

Not affected

Log4J v 1.x used

LogPoint Agent

Not applicable

Not used

Director Console

Not affected

Log4J v 1.2 used

Director Fabric

Not affected

Log4J v 1.2 used

Search Master

Not affected

Log4J v 1.2 used

AAHC

Not affected

Log4J v 1.2 used

Plugins

Not affected

Log4j v 1.2 used

Applications

Not applicable

Not used

LogPoint for SAP HANA

Not applicable 

Not used

LogPoint for SAP Light

Not affected

Not used

LogPoint for SAP Extended

Not applicable

Not used

 

* Note: log4j v1.2.x is vulnerable to another vulnerability, that is only exploitable when using the class JMSAppender. While LogPoint uses log4j in version 1.2, JMSAppender is not used in LogPoint and we have actively attempted to exploit the vulnerability, confirming that in these cases log4j v1.2 is not vulnerable in the current deployment configuration.

 

Regards,

 

Brian Hansen, LogPoint

VP, Customer Success


Reply