CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

We have now added two new option profiles to our library for Log4Shell vulnerabilities. Option profiles define the settings you want to use for your scan. These new option profiles are tuned to quickly detect the Log4Shell vulnerability on assets in your environment.
The following two pre-configured option profiles are now available in the library to help you get started:
You can import these profiles into your account and use them as-is or edit them as needed.
To import our option profiles, go to Scans > Option Profiles > New and select Import from Library.
Choose from the Log4Shell - Authenticated Scan or Log4Shell - Unauthenticated Scan options and click Import.
Note: Use the Log4Shell - Authenticated Scan option profile for authenticated scans and the Log4Shell - Unauthenticated Scan option profile for unauthenticated scans. For information on authenticated and unauthenticated scans, refer to the Why Use Host Authentication? section of the Online Help.
We recommend making the option profile Global to make it available to all users in the subscription.
The Log4Shell option profiles come with pre-defined search lists that include Log4Shell QIDs. When you scan using these option profiles, the scanner first gathers information about the host and then scans for all QIDs listed with these option profiles. For information on QIDs listed with these option profiles, refer to the Search List section.
The Scan Settings tab in the Option Profile information provides you with an option to view the complete list of QIDs that are included/associated with the option profile.
Review the other tabs of these option profiles to confirm that they suit your requirements. Note that these option profiles set the performance of the scan to Normal. If you are concerned about the performance impact, Qualys recommends that you change these settings to match your requirements.
When you are ready to scan your environment for Log4Shell vulnerabilities, run a scan and be sure to select the option profiles you just imported. You can associate the option profile when you trigger the scan. For more information on scans, refer to the Scan for Vulnerabilities topic in the Online Help.
Once the scan is completed, you can view the scan report to see which assets are affected by the vulnerabilities. Go to the reports list and check that your report is finished; the status will show "Finished". For more information on scan reports, refer to the Reporting on your Vulnerabilities and Assets topic in the Online Help.
Qualys has released 2 search lists to cater to QIDs associated with Log4Shell: