On December 9, 2021, Namirial was made aware of a security vulnerability impacting the Apache Log4j 2 Java library dubbed Log4Shell (or LogJam) reported with CVE-2021-44228. This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use. We immediately mobilized to understand and remediate any exposures that we might have to this vulnerability.
...
Subsequently to the publication of the CVE-2021-44228 an additional vulnerability has been published with CVE-2021-45046. Namirial confirms that the investigations have been extended on December 14 even to this vulnerability.
...
Subsequently to the publication of the CVE-2021-45046 an additional vulnerability has been published with CVE-2021-45105. Namirial confirms that the investigations have been extended on December 18 even to this vulnerability.
** Update 29/12/2021 **
Subsequently to the publication of the CVE-2021-45105 an additional vulnerability has been published with CVE-2021-44832. Namirial confirms that the investigations have been extended on December 29 even to this vulnerability.
Namirial Enterprise
Namirial is continuing to inventory our products and systems potentially impacted by these vulnerabilities. As necessary, we are updating to Log4j version 2.17.1, which fixes all the vulnerabilities reported till December 2029, and applying mitigations in the interim, even in cases where additional control layers such as network controls and web application firewalls prevent exploitation of these vulnerabilities. Anyway, due to the criticality of the services provided, Namirial does not share documents or information relating to its security systems and controls to respond to the requests for additions and clarifications regarding the security of information made by third parties, be they Customers, Suppliers and/or Partners.
...
The Namirial team of hackers, responders, researchers, intelligence analysts and investigators are actively engaged in the response to Log4jShell. Detection and Indicators of Compromise (IOCs)Log4Shell.
Namirial Cloud and as-a-Service Products
...
Products not Impacted
Namirial’s analysis has determined that the following Namirial products are not susceptible to any vulnerability reported above.
In this page the list of Products not impacted. This list is not final and continuously updated.In this page the list of Products not impacted. This are still in place to determine which of the above vulnerabilities impacts our products. Here a list of Products not Impacted on the basis of latest analysis. This list is not final and continuously updated.
