Apache Log4j2 Remote Code Execution Vulnerability Attack

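According to security intelligence, exploit code for the Apache Log4j2 remote code execution vulnerability appeared on the evening of December 9. The vulnerability can be exploited without any special configuration, allowing an attacker to execute code remotely, so enterprises that use Apache Log4j2 face a serious threat.
Apache Log4j2 is an open-source Java logging framework, widely used in middleware, development frameworks and web applications to record log information.
Regarding the remote code execution vulnerability (CVE-2021-44228) disclosed on December 9, 2021 in Apache Log4j (a logging tool used in many Java-based applications), Amidas is closely following our vendors' investigation findings and mitigation plans.
Apply the latest security updates
To address this vulnerability, Amidas recommends that customers apply the latest security updates. See the Apache CVE and the Apache security advisory for more details: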
• Apache CVE: CVE-2021-44228
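• Apache security advisory: Apache Log4j Security Vulnerabilities
All systems, including those that are not customer-facing, may be vulnerable to this attack, so back-end systems and microservices should also be upgraded. The recommended action is to update Log4j 2 to 2.15.0. Services will need to be restarted.
Here are the product list and reference links: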
Affected products and services
Apache
Apache Cassandra via appender
Apache Storm via Docker
Broadcom (Including CA & Symantec)
The current list can be found in the advisory.
Cisco
The current list can be found in the advisory.
VMware
The current list can be found in the advisory.
Others
CheckPoint Quantum Security Management
Forcepoint Security Manager & DLP Manager
Fortinet FortiAIOps, FortiCASB, FortiConverter, FortiEDR Cloud, FortiNAC, FortiPolicy, FortiPortal, FortiSIEM, FortiSOAR, ShieldX
Okta Radius Server Agent & On-Prem MFA Agent
PureStorage Portworx and possibly other products
Red Hat is reporting affected packages
ServiceNow MID Servers & self-hosted
SolarWinds SAM & DPA
Potentially affected products
Avaya is still investigating.
Blackberry may be affected.
BMC Software is still investigating.
Citrix is still investigating many products.
Dell is still investigating.
F5 is still investigating.
Huawei is still investigating.
IBM QRadar may be vulnerable.
McAfee is still investigating.
Oracle has not flagged any specific products yet.
SonicWall is still investigating.
TrendMicro is still investigating.
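Vendor lists like the ones above do not cover in-house Java applications, so the following added example (not part of the original advisory, and not Amidas or Apache code) inventories `log4j-core` copies on a host and flags any older than the 2.15.0 recommended above. It assumes the archives retain Maven's `pom.properties` metadata; copies repackaged without it are not detected.

```python
import io
import os
import re
import sys
import zipfile

FIXED = (2, 15, 0)  # version this advisory recommends upgrading to
# Maven metadata path inside log4j-core JARs (assumed to be kept by the build).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); unparseable -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label, depth=0):
    """Return [(location, version, needs_update)], descending into nested archives."""
    found = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found  # not a readable archive, nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                raw = m.group(1).strip() if m else "unknown"
                ver = parse_version(raw)
                # Unknown versions are flagged so that a person reviews them.
                found.append((label, raw, ver is None or ver < FIXED))
            elif name.lower().endswith(ARCHIVES) and depth < 4:
                found += scan_archive(zf.read(name), label + "!/" + name, depth + 1)
    return found

def scan_tree(root):
    """Walk a directory and scan every Java archive under it."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    results += scan_archive(fh.read(), path)
    return results

if __name__ == "__main__":
    for loc, ver, needs in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(("UPDATE " if needs else "ok     ") + ver + "  " + loc)
```

Run it with the directory to inspect as the only argument; the `!/` in a reported location marks a copy bundled inside another archive, which must be rebuilt rather than replaced in place.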
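Amidas will continue to monitor and report new information from our vendors related to this vulnerability.
If you have any questions, please feel free to contact us at support@amidas.com.hk.
If you have any questions, you are welcome to contact us using the details below:
Phone: 2168 0388
WhatsApp: 98283401
Email: sales@amidas.com.hk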