[NOTICE] Log4j vulnerability

Posted almost 3 years ago by Jake Yip

  • Topic is Locked
J
Jake Yip Admin

Users should be aware that a recent Log4j vulnerability (CVE-2021-44228) has been released. If you are running Apache Log4j2 <=2.14.1, you should update your systems immediately.


It is also reported that this vulnerability is being actively exploited in the wild, so users should check whether they have been compromised if they are vulnerable.


At this point in time, Tenable is developing scan templates. We expect this will be used to identify vulnerable instances when the templates are deployed.


This page will be updated as we have more information.


UPDATE 2021-12-13 1400 AEDT: Tenable have released scan templates, some sites have initiated scans and we are evaluating the results.


UPDATE 2021-12-14 1030 AEDT: Instances in melbourne-qh2-uom and melbourne-qh2 are being scanned and users will be notified if vulnerabilities are found. Note: Scans are best effort and may not pick up all vulnerable software. Please check your own vulnerabilities in addition to the regular scans.


UPDATE 2021-12-14 1300 AEDT: Instances in auckland are being scanned and users will be notified if vulnerabilities are found. Note: Scans are best effort and may not pick up all vulnerable software. Please check your own vulnerabilities in addition to the regular scans.

1 Votes


0 Comments