KLA12391 RCE vulnerability in Apache Log4j

2021-12-14 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS3: 9 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 8.8 High
Confidence: High

CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS: 0.974 High
Percentile: 99.9%

Detect date:

12/14/2021

Severity:

Warning

Description:

A remote code execution vulnerability was found in Apache Log4j. Malicious users can exploit this vulnerability to execute arbitrary code.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Apache Log4j 2.0-beta9 before 2.12.2, 2.13.0 before 2.16.0
API Portal for VMware Tanzu
Abbott GLP Track System
Akamai Siem Integration Connector
AppDynamics with Cisco Secure Application
BCT LIBER
BCT e-Invoice
BMC AMI Ops Insight
BMC Bladelogic Database Automation
BMC Helix Data Manager
BMC Helix ITSM
BMC Helix Platform
BMC Remedy Smart Reporting
BMC TrueSight Automation Console
Barco OpSpace
Beckman Coulter Information Systems
BioJava Java library for processing biological data
Bosch Rexroth Bosch IoT gateway
Broadcom Cloud Workload Assurance (CWA)
Broadcom Cloud Workload Protection (CWP)
Broadcom Cloud Workload Protection for Storage (CWP:S)
Broadcom Industrial Control System Protection (ICSP)
Broadcom LiveUpdate Administrator (LUA)
Broadcom Symantec Advanced Authentication
Broadcom Symantec Endpoint Detection and Response (EDR) On-premise
Broadcom Symantec Endpoint Protection Manager (SEPM)
Broadcom Symantec Privileged Access Manager (PAM)
CIS CAT Lite
CIS CAT Pro Assessor v3 Full and Dissolvable
CIS CAT Pro Assessor v4
CIS CSAT Pro
Cisco AppDynamics
Cisco Application Policy Infrastructure Controller (APIC) - Network Insights Base App
Cisco Automated Subsea Tuning
Cisco BroadWorks
Cisco Business Process Automation
Cisco CX Cloud
Cisco Call Studio
Cisco Cloud Connect
Cisco CloudCenter
Cisco Cloudlock
Cisco Common Services Platform Collector (CSPC)
Cisco Connected Mobile Experiences (CMX)
Cisco Contact Center Domain Manager (CCDM)
Cisco Contact Center Management Portal (CCMP)
Cisco Crosswork Data Gateway
Cisco Crosswork Network Controller
Cisco Crosswork Optimization Engine
Cisco Crosswork Platform Infrastructure
Cisco Crosswork Situation Manager
Cisco Crosswork Zero Touch Provisioning (ZTP)
Cisco Cyber Vision Sensor Management Extension
Cisco DNA Center
Cisco DNA Spaces Connector
Cisco Data Center Network Manager (DCNM)
Cisco Duo Security for Government
Cisco Emergency Responder
Cisco Enterprise Chat and Email
Cisco Evolved Programmable Network Manager
Cisco eSIM Flex
Citrix Endpoint Management (XenMobile Server)
Dell APEX Console
Dell APEX Data Storage Services
Dell Cloud IQ
Dell Connectrix (Cisco MDS DCNM)
Dell EMC BSN Controller Node
Dell EMC Cloud Disaster Recovery
Dell EMC Data Protection Central
Dell EMC Data Protection Search
Dell EMC ECS
Dell EMC Enterprise Storage Analytics for vRealize Operations
Dell EMC Integrated System for Azure Stack HCI
Dell EMC Integrated System for Microsoft Azure Stack Hub
Dell EMC NetWorker
Dell EMC Networking Virtual Edge Platform with VersaOS
Dell EMC OpenManage Enterprise Services
Dell EMC PowerStore
Dell EMC Ruckus SmartZone 300 Controller
Dell EMC Ruckus Virtual Software
Dell EMC Streaming Data Platform
Dell EMC XC
Dell Open Management Enterprise - Modular
Dell OpenManage Enterprise
Dell Secure Connect Gateway (SCG) Appliance
Dell Secure Connect Gateway (SCG) Policy Manager
Dell SupportAssist Enterprise
Dell Unisphere Central
Dell Vblock
Dell VxBlock
Dell Wyse Management Suite
Dell vRealize Data Protection Extension Data Management
Elastic Logstash
Elastic search
Ewon (HMS-Networks) eCatcher
FedEx Ship Manager
FileCap Server
GFI Software Kerio Connect
HPE Real Time Management System (RTMS)
Hitachi Energy Axis
Hitachi Energy FOXMAN-UN
Hitachi Energy Lumada APM On-premises
Hitachi Energy Lumada APM SaaS
Hitachi Energy Network Manager Outage Management Interface (OMI) – Third Party Oracle Database Components (Trace File Analyzer, SQL Developer, Property Graph)
Hitachi Energy Network Manager SCADA/EMS, Ranger and NMR Product – Third Party Oracle Database Components (Trace File Analyzer, SQL Developer, Property Graph)
Hitachi Energy RelCare
Hitachi Energy UNEM
Hitachi Energy e-Mesh Monitor
Hitachi Energy nMarket Global I-SEM
IBM Cognos Analytics
Java Melody 1.90.0
Kaltura Blackboard Learn SaaS in the classic Learn experience
Kaltura Blackboard Learn Self- and Managed-Hosting
NVIDIA CUDA Toolkit Nsight Eclipse Edition
NVIDIA CUDA Toolkit Visual Profiler
NVIDIA DGX systems
NVIDIA NetQ
Nulab Backlog
Nulab Cacoo
Nulab Typetalk
Nutanix Beam
Nutanix Calm
Nutanix Collector Portal
Nutanix Flow Security Central
Nutanix Frame
Nutanix Karbon Platform Service
Nutanix Leap
Nutanix Prism Central
Nutanix Sizer
PTV Group Map&Market
PTV Group PTV Content Update Service
PTV Group PTV Developer
PTV Group PTV MaaS Modeller
PTV Group PTV Route Optimiser CL
PTV Group PTV Route Optimiser ST
PTV Group PTV Route Optimizer SaaS / Demonstrator
PTV Group PTV TLN planner internet
PTV Group PTV Visum Publisher
PTV Group PTV xServer
Palo Alto PAN-OS for Panorama
Palo-Alto Networks Exact Data Matching CLI
Phoenix Contact Cloud Services
QlikTech International Qlik Catalog
RuneCast Analyzer
SAP Hana Cockpit
SAP XS Advanced Runtime
Schneider Electric EASYFIT
Schneider Electric EcoStruxure IT Expert
Schneider Electric EcoStruxure IT Gateway
Schneider Electric Ecoreal XL
Schneider Electric Facility Expert Small Business
Schneider Electric MSE
Schneider Electric NEW630
Schneider Electric NetBotz750/755
Schneider Electric SDK BOM
Schneider Electric SDK-Docgen
Schneider Electric SDK-TNC
Schneider Electric SDK-UMS
Schneider Electric SDK3D-2DRenderer
Schneider Electric SDK3D-360Widget
Schneider Electric SNC-API
Schneider Electric SNC-CMM
Schneider Electric SNC-SEMTECH
Schneider Electric SPIMV3
Schneider Electric SWBEditor
Schneider Electric SWBEngine
Schneider Electric Select and Config DATA
Schneider Electric Wiser by SE platform
Single Sign-On for VMware Tanzu Application Service
Snow Software Snow Commander
Snow Software VM Access Proxy
SonicWall Email Security
SonicWall NSM On-Premise
Spring Cloud Gateway for VMware Tanzu
Spring Cloud Services for VMware Tanzu
Storage Center - Dell Storage Manager
StormShield Visibility Center
SyncRO Soft SRL Batch Document Converter
SyncRO Soft SRL Git Client
SyncRO Soft SRL Oxygen Feedback Enterprise
SyncRO Soft SRL Oxygen License Server
SyncRO Soft SRL Oxygen PDF Chemistry
SyncRO Soft SRL Oxygen SDK
SyncRO Soft SRL Oxygen Web Author Test Server Add-on
SyncRO Soft SRL Oxygen XML Author
SyncRO Soft SRL Oxygen XML Content Fusion
SyncRO Soft SRL Oxygen XML Developer
SyncRO Soft SRL Oxygen XML Editor
SyncRO Soft SRL Oxygen XML Publishing Engine
SyncRO Soft SRL Oxygen XML Web Author
SyncRO Soft SRL Oxygen XML WebHelp
SyncRO Soft SRL Web Author PDF Plugin
SyncRO Soft SRL XSD to JSON Schema Converter
Trend Micro Deep Discovery Director
VMware App Metrics
VMware Carbon Black Cloud Workload Appliance
VMware Carbon Black EDR server
VMware Cloud Director Object Storage Extension
VMware Cloud Provider Lifecycle Manager
VMware Greenplum Text
VMware HCX
VMware Harbor Container Registry for TKGI
VMware Healthwatch for Tanzu Application Service
VMware Horizon
VMware Identity Manager
VMware Integrated OpenStack
VMware NSX Data Center for vSphere
VMware NSX-T Data Center
VMware NSX-T Intelligence Appliance
VMware SD-WAN VCO
VMware Site Recovery Manager, vSphere Replication
VMware Smart Assurance M&R
VMware Smart Assurance NCM
VMware Smart Assurance SAM [Service Assurance Manager]
VMware Spring Cloud Gateway for Kubernetes
VMware Tanzu Application Services for VMs
VMware Tanzu GemFire
VMware Tanzu Greenplum Platform Extension Framework
VMware Tanzu Kubernetes Grid Integrated Edition
VMware Tanzu Observability Proxy
VMware Tanzu Observability by Wavefront Nozzle
VMware Tanzu Operations Manager
VMware Tanzu Scheduler
VMware Telco Cloud Operations
VMware Unified Access Gateway (UAG)
VMware Workspace ONE Access
VMware vRealize Automation
VMware vRealize Business for Cloud
VMware vRealize Log Insight
VMware vRealize Network Insight
VMware vRealize Operations
VMware vRealize Orchestrator
vRealize Operations Tenant App for VMware Cloud Director
vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage

Solution:

Update to the latest version

Original advisories:

Apache Log4j Security Vulnerabilities

Impacts:

ACE

Related products:

Apache Log4j

CVE-IDS:

CVE-2021-45046 9.0 Critical
