{"id":11482,"date":"2021-12-13T10:59:21","date_gmt":"2021-12-13T09:59:21","guid":{"rendered":"https:\/\/www.nextron-systems.com\/?p=11482"},"modified":"2024-04-12T16:33:28","modified_gmt":"2024-04-12T14:33:28","slug":"nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228","status":"publish","type":"post","link":"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/","title":{"rendered":"Nextron Products Unaffected by Log4j Vulnerability CVE-2021-44228"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.14.2″ _module_preset=”default” global_colors_info=”{}”][et_pb_row column_structure=”2_3,1_3″ _builder_version=”4.14.2″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”2_3″ _builder_version=”4.14.2″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.14.2″ _module_preset=”default” hover_enabled=”0″ sticky_enabled=”0″]<\/p>\n

We have reviewed our products in order to identify services that use the vulnerable log4j library. Only Elastic Search in ASGARD Analysis Cockpit uses log4j but is NOT vulnerable.\u00a0<\/p>\n

“Elasticsearch is not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager. Elasticsearch on JDK8 or below is susceptible to an information leak via DNS which is fixed by a simple JVM property change.”<\/p>\n

Source: https:\/\/discuss.elastic.co\/t\/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31\/291476<\/a><\/p>\n

Even older and EOL products like ASGARD v1 are not affected.<\/p>\n

Other products don’t use JAVA or log4j.<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_3″ _builder_version=”4.14.2″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2021\/12\/Anti-virus-Security-29.png” title_text=”Anti virus & Security-29″ _builder_version=”4.14.2″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

We have reviewed our products in order to identify services that use the vulnerable log4j library. Only Elastic Search in ASGARD Analysis Cockpit uses log4j but is NOT vulnerable.\u00a0 “Elasticsearch is not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager. Elasticsearch on JDK8 or below is susceptible to an information leak via DNS which is fixed by a simple JVM property change.” Source: https:\/\/discuss.elastic.co\/t\/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31\/291476 Even older and EOL products like ASGARD v1 are not affected. Other products don’t use JAVA or log4j.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[749,1],"tags":[656,655,654],"class_list":["post-11482","post","type-post","status-publish","format-standard","hentry","category-homepage","category-nextron","tag-cve-2021-44228","tag-log4j","tag-log4shell"],"yoast_head":"\nNextron Products Unaffected by Log4j Vulnerability CVE-2021-44228 - Nextron Systems<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/\"},\"author\":{\"name\":\"Florian Roth\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\"},\"headline\":\"Nextron Products Unaffected by Log4j Vulnerability CVE-2021-44228\",\"datePublished\":\"2021-12-13T09:59:21+00:00\",\"dateModified\":\"2024-04-12T14:33:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/\"},\"wordCount\":219,\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"keywords\":[\"CVE-2021-44228\",\"Log4j\",\"Log4Shell\"],\"articleSection\":[\"Homepage\",\"Nextron\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/\",\"url\":\"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/\",\"name\":\"Nextron Products Unaffected by Log4j Vulnerability CVE-2021-44228 - Nextron Systems\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#website\"},\"datePublished\":\"2021-12-13T09:59:21+00:00\",\"dateModified\":\"2024-04-12T14:33:28+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nextron-systems.com\/#website\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"name\":\"Nextron Systems\",\"description\":\"We Detect Hackers\",\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nextron-systems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\",\"name\":\"Nextron Systems GmbH\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"width\":260,\"height\":260,\"caption\":\"Nextron Systems GmbH\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\",\"name\":\"Florian Roth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"caption\":\"Florian Roth\"},\"description\":\"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.\",\"url\":\"https:\/\/www.nextron-systems.com\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Nextron Products Unaffected by Log4j Vulnerability CVE-2021-44228 - Nextron Systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/#article","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/"},"author":{"name":"Florian Roth","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919"},"headline":"Nextron Products Unaffected by Log4j Vulnerability CVE-2021-44228","datePublished":"2021-12-13T09:59:21+00:00","dateModified":"2024-04-12T14:33:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/"},"wordCount":219,"publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"keywords":["CVE-2021-44228","Log4j","Log4Shell"],"articleSection":["Homepage","Nextron"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/","url":"https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/","name":"Nextron Products Unaffected by Log4j Vulnerability CVE-2021-44228 - Nextron Systems","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/#website"},"datePublished":"2021-12-13T09:59:21+00:00","dateModified":"2024-04-12T14:33:28+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nextron-systems.com\/2021\/12\/13\/nextron-products-unaffected-by-log4j-vulnerability-cve-2021-44228\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.nextron-systems.com\/#website","url":"https:\/\/www.nextron-systems.com\/","name":"Nextron Systems","description":"We Detect Hackers","publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nextron-systems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.nextron-systems.com\/#organization","name":"Nextron Systems GmbH","url":"https:\/\/www.nextron-systems.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","width":260,"height":260,"caption":"Nextron Systems GmbH"},"image":{"@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919","name":"Florian Roth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","caption":"Florian Roth"},"description":"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.","url":"https:\/\/www.nextron-systems.com\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/11482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/comments?post=11482"}],"version-history":[{"count":5,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/11482\/revisions"}],"predecessor-version":[{"id":11490,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/11482\/revisions\/11490"}],"wp:attachment":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/media?parent=11482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/categories?post=11482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/tags?post=11482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}