Statement on Apache Log4j2 Remote Code Execution (RCE) Vulnerability on WebOrion Products and Customers – CVE-2021-44228
A high-severity vulnerability (CVE-2021-44228) affecting multiple versions of Apache Log4j was publicly disclosed on December 9, 2021. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. The vulnerability affects Apache Log4j 2 versions 2.0 to 2.14.1.
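An inventory check for the affected range stated above, added here as an example (it is not WebOrion's or the Apache project's code): it finds `log4j-core` jars by file name inside an archive, including jars nested in other archives. The function names and the sample archive are hypothetical and constructed for illustration.

```python
import io
import re
import zipfile

# Affected range as stated on this page: Log4j 2 versions 2.0 to 2.14.1.
# Assumptions: pre-release suffixes are ignored; backported fix releases inside the range are not special-cased.
FIRST_AFFECTED, LAST_AFFECTED = (2, 0, 0), (2, 14, 1)
JAR_NAME = re.compile(r"(?:^|/)log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def core_version(name):
    """Return (major, minor, patch) for a log4j-core jar name, else None."""
    m = JAR_NAME.search(name.replace("\\", "/"))
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def is_affected(version):
    return FIRST_AFFECTED <= version <= LAST_AFFECTED

def scan_archive(data, label, depth=0, max_depth=4):
    """List (path, version) for affected log4j-core jars, following nested archives."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # entry has an archive extension but is not a zip
    with zf:
        for info in zf.infolist():
            path = f"{label}!/{info.filename}"
            version = core_version(info.filename)
            if version and is_affected(version):
                hits.append((path, version))
            if depth < max_depth and info.filename.lower().endswith(ARCHIVE_EXT):
                hits += scan_archive(zf.read(info), path, depth + 1, max_depth)
    return hits

def make_zip(entries):  # helper for the constructed sample below
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample_war():
    """Constructed sample: a WAR whose bundled fat jar embeds log4j-core."""
    leaf = make_zip({"placeholder.txt": b""})
    fat = make_zip({"BOOT-INF/lib/log4j-core-2.14.1.jar": leaf, "BOOT-INF/lib/log4j-api-2.14.1.jar": leaf})
    return make_zip({"WEB-INF/lib/search-plugin.jar": fat, "WEB-INF/lib/log4j-core-2.17.0.jar": leaf})

if __name__ == "__main__":
    print(scan_archive(build_sample_war(), "app.war"))
```

A file-name match misses copies that were renamed or shaded into another jar, so a clean result from this check alone does not rule out an affected deployment.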
This announcement summarizes any potential impacts to WebOrion products and related announcements for mitigations of the issue.
WebOrion© Defacement Monitor and Restorer SaaS
None of our customers on these platforms are affected by the vulnerability.
WebOrion© Defacement Monitor and Restorer Physical and Virtual Appliances
Fewer than 2% of our customers are impacted by this vulnerability. Selected customers with custom deployments could have a vulnerable version of Log4j, but even then the deployments are not configured in an exploitable manner and are thus not at immediate risk from the vulnerability. We have already reached out to affected customers about this.
WebOrion© Business SaaS
There is minimal impact for this group of customers. Log4j is used in some Elasticsearch components of this service for firewall log search. However, these components are not configured in an exploitable manner and are thus not at immediate risk from the vulnerability. Our engineers are in the process of patching and will provide an update when done.
Our engineering and security teams are working diligently on the analysis, impact and mitigations for this issue, and we will provide regular updates on any changes or impact.
Please feel free to reach out to custsupport@cloudsine.tech for any further queries.