Hello LogPoint Support / LogPoint Community,
regarding the news about the log4j 2 CVE-2021-44228, I’ve been wondering whether log4j Version 2 is in use in the LogPoint Core SIEM or other parts of your product suite.
Could you please evaluate this and inform us partners and customers about the probable impact of this CVE?
Thanks so much in advance,
Tobias Weidemann
Hi Tobias,
We are currently working on an official response to Log4js - we expect it out later today.
Once done, we will inform all Customers and Partners via a newsletter and also publish the information here on the Community,
The response from Logpoint regarding this is way to slow.
What I have found, is that Logpoint uses version 1.2.16 of log4j, located at /opt/immune/installed/java/dependencies:
zcat ./log4j-1.2.16.jar
Manifest-Version: 1.0
Export-Package: org.apache.log4j.net;uses:="org.apache.log4j,org.apach
e.log4j.spi,javax.naming,org.apache.log4j.helpers,javax.jms,org.apach
e.log4j.xml,javax.mail,javax.mail.internet,org.w3c.dom,javax.jmdns",o
rg.apache.log4j.jmx;uses:="org.apache.log4j,javax.management,com.sun.
jdmk.comm,org.apache.log4j.helpers,org.apache.log4j.spi",org.apache.l
og4j.jdbc;uses:="org.apache.log4j,org.apache.log4j.spi",org.apache.lo
g4j.config;uses:="org.apache.log4j.helpers,org.apache.log4j,org.apach
e.log4j.spi",org.apache.log4j.helpers;uses:="org.apache.log4j,org.apa
che.log4j.spi,org.apache.log4j.pattern",org.apache.log4j;uses:="org.a
pache.log4j.spi,org.apache.log4j.helpers,org.apache.log4j.pattern,org
.apache.log4j.or,org.apache.log4j.config",org.apache.log4j.or.jms;use
s:="org.apache.log4j.helpers,javax.jms,org.apache.log4j.or",org.apach
e.log4j.nt;uses:="org.apache.log4j.helpers,org.apache.log4j,org.apach
e.log4j.spi",org.apache.log4j.or.sax;uses:="org.apache.log4j.or,org.x
ml.sax",org.apache.log4j.pattern;uses:="org.apache.log4j.helpers,org.
apache.log4j.spi,org.apache.log4j,org.apache.log4j.or",org.apache.log
4j.spi;uses:="org.apache.log4j,org.apache.log4j.helpers,com.ibm.uvm.t
ools,org.apache.log4j.or",org.apache.log4j.or;uses:="org.apache.log4j
.helpers,org.apache.log4j.spi,org.apache.log4j",org.apache.log4j.xml;
uses:="javax.xml.parsers,org.w3c.dom,org.xml.sax,org.apache.log4j.con
fig,org.apache.log4j.helpers,org.apache.log4j,org.apache.log4j.spi,or
g.apache.log4j.or",org.apache.log4j.varia;uses:="org.apache.log4j.spi
,org.apache.log4j,org.apache.log4j.helpers"
Built-By: curta
Tool: Bnd-0.0.357
Bundle-Name: Apache Log4j
Created-By: Apache Maven Bundle Plugin
Bundle-Vendor: Apache Software Foundation
Build-Jdk: 1.6.0_16
Bundle-Version: 1.2.16
Bnd-LastModified: 1270009535003
Bundle-ManifestVersion: 2
Bundle-Description: Apache Log4j 1.2
Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt
Bundle-DocURL: http://logging.apache.org/log4j/1.2
Bundle-SymbolicName: log4j
Import-Package: com.ibm.uvm.tools;resolution:=optional,com.sun.jdmk.co
mm;resolution:=optional,com.sun.jdmk.comm;resolution:=optional,javax.
jmdns,javax.jms;resolution:=optional,javax.mail;resolution:=optional,
javax.mail.internet;resolution:=optional,javax.management;resolution:
=optional,javax.naming;resolution:=optional,javax.swing;resolution:=o
ptional,javax.swing.border;resolution:=optional,javax.swing.event;res
olution:=optional,javax.swing.table;resolution:=optional,javax.swing.
text;resolution:=optional,javax.swing.tree;resolution:=optional,javax
.xml.parsers,org.apache.log4j,org.apache.log4j.config,org.apache.log4
j.helpers,org.apache.log4j.jdbc,org.apache.log4j.jmx,org.apache.log4j
.net,org.apache.log4j.nt,org.apache.log4j.or,org.apache.log4j.or.jms,
org.apache.log4j.or.sax,org.apache.log4j.pattern,org.apache.log4j.spi
,org.apache.log4j.varia,org.apache.log4j.xml,org.w3c.dom,org.xml.sax,
org.xml.sax.helpers
Name: org.apache.log4j
Implementation-Vendor: "Apache Software Foundation"
Implementation-Title: log4j
Implementation-Version: 1.2.16
Here you find the answer - a Blog-Post will also be on LogPoint.com later this evening.
Background:
As you have heard, a critical remote code execution vulnerability (CVE-2021-44228), also known as Log4Shell, was discovered, which affects Apache Log4j versions 2.0-2.14.1. Log4j is a popular logging library in Java and is used in several enterprise applications, including LogPoint products.
Vulnerability status of LogPoint products
At this time, we have determined that no LogPoint products are affected by the vulnerability.
For detailed information about the vulnerability status of each LogPoint product, please consult the table below. If you have any questions about the vulnerability, please contact your LogPoint Support or LogPoint Community.
Details of vulnerability by LogPoint product
| Product | Vulnerable? | Reason |
| LogPoint 6.12.2 | Not affected | Log4J v 1.2 used |
| Previous LogPoint versions | Not affected | Previous versions used |
| UEBA | Not affected | Log4J v 1.x used |
| LogPoint Agent | Not applicable | Not used |
| Director Console | Not affected | Log4J v 1.2 used |
| Director Fabric | Not affected | Log4J v 1.2 used |
| Search Master | Not affected | Log4J v 1.2 used |
| AAHC | Not affected | Log4J v 1.2 used |
| Plugins | Not affected | Log4j v 1.2 used |
| Applications | Not applicable | Not used |
| LogPoint for SAP HANA | Not applicable | Not used |
| LogPoint for SAP Light | Not affected | Not used |
| LogPoint for SAP Extended | Not applicable | Not used |
* Note: log4j v1.2.x is vulnerable to another vulnerability, that is only exploitable when using the class JMSAppender. While LogPoint uses log4j in version 1.2, JMSAppender is not used in LogPoint and we have actively attempted to exploit the vulnerability, confirming that in these cases log4j v1.2 is not vulnerable in the current deployment configuration.
Regards,
Brian Hansen, LogPoint
VP, Customer Success
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
