On December 9, 2021, Namirial was made aware of a security vulnerability in the Apache Log4j 2 Java library, dubbed Log4Shell (or LogJam) and tracked as CVE-2021-44228. This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders because the library is so broadly used. We immediately mobilized to understand and remediate any exposure that we might have to this vulnerability.

...

Following the publication of CVE-2021-44228, an additional vulnerability was published as CVE-2021-45046. Namirial confirms that on December 14 the investigations were extended to cover this vulnerability as well.

...

Following the publication of CVE-2021-45046, an additional vulnerability was published as CVE-2021-45105. Namirial confirms that on December 18 the investigations were extended to cover this vulnerability as well.

** Update 29/12/2021 **

Following the publication of CVE-2021-45105, an additional vulnerability was published as CVE-2021-44832. Namirial confirms that on December 29 the investigations were extended to cover this vulnerability as well.

Namirial Enterprise

Namirial is continuing to inventory its products and systems potentially impacted by these vulnerabilities. As necessary, we are updating to Log4j version 2.17.1, which fixes all the vulnerabilities reported till December 2029, and applying mitigations in the interim, even in cases where additional control layers such as network controls and web application firewalls prevent exploitation of these vulnerabilities. However, due to the criticality of the services provided, Namirial does not share documents or information relating to its security systems and controls in response to requests for additions and clarifications regarding information security made by third parties, be they Customers, Suppliers and/or Partners.

...

The Namirial team of hackers, responders, researchers, intelligence analysts and investigators is actively engaged in the response to Log4Shell. Detection and Indicators of Compromise (IOCs) Log4Shell.

Namirial Cloud and as-a-Service Products

For Namirial Cloud services, Namirial is remediating managed as-a-service Cloud offerings as applicable, even in cases where additional control layers such as network controls and web application firewalls prevent exploitation of this vulnerability.

Clients who have deployed their own applications using the Namirial Infrastructure as a Service, or virtual and bare metal machines, are responsible for remediating any Log4j vulnerabilities running on those services.

For the portion of Namirial Cloud services using Java technologies, Namirial is continuing to assess and remediate any remaining services using Log4j and to validate that mitigating controls remain effective.

Products not Impacted

Namirial's analyses are still in progress to determine which of the above vulnerabilities impact our products. Here is a list of Products not Impacted, on the basis of the latest analysis. This list is not final and is continuously updated.

...