On December 9, 2021, a major vulnerability in Apache Log4j, known as Log4Shell, was disclosed and assigned the identifier CVE-2021-44228. The vulnerability affects Apache Log4j 2 versions 2.0 to 2.14.1 and allows a remote attacker to take control of the affected system. Security experts call it the most serious vulnerability in the past 10 years.
A few days after the fix for Log4Shell was published, another feature of Log4j was found to be prone to exploitation, and the resulting vulnerabilities were assigned the identifiers CVE-2021-45046 and CVE-2021-45105.
Vulnerability | Vulnerability Type |
---|---|
CVE-2021-44228 | RCE (Remote Code Execution) |
CVE-2021-45046 | DoS (Denial of Service) |
CVE-2021-45105 | DoS (Denial of Service) |
WISE-PaaS products impacted by the vulnerabilities
Products Impacted
- WISE-IoTSuite/AppHub: Fixed on 2021/12/31
  - Version 1.0.3 of the local/virtual machine version was updated and published on 2021/12/31; the latest version has deprecated the use of log4j.
    - Local/virtual machine versions below 1.0.2 are impacted by the vulnerability.
  - Version 1.0.2 of the EnSaaS version was updated and published on 2021/12/31; the latest version has deprecated the use of log4j.
    - Public cloud versions below 1.0.1 are impacted by the vulnerability.
- WISE-InsightAPM: Fixed on 2021/12/23
  - Version 3.9.3 was updated and published on 2021/12/23; the latest version has deprecated the use of log4j.
    - apm-push and apm-report used log4j before version 3.9.3 and are impacted by the vulnerability.
Products not Impacted
- WISE-IoTSuite
- WISE-InsightAPM
- WISE-EnSaaS
- WISE-DataInsight
- WISE-AIFS
- iBuilding
User update guidance
- WISE-InsightAPM
  - How to check the version: Log in to the WISE-InsightAPM Portal and check the version shown below the menu.
  - The latest version of WISE-InsightAPM, 3.9.3, has been published on the HZ and SA sites.
  - Public cloud users can update online directly to the latest version.
  - Private cloud users, please fill in the Service Request Form or contact our sales for further information.
- WISE-IoTSuite/AppHub
  - How to check the version: In AppHub Manager, click "about" at the top right to see the version.
  - AppHub WISE-PaaS public/private cloud version: Update through the EnSaaS Catalog.
  - AppHub local/virtual machine version: Update using the latest AppHub docker image.
  - Please contact Jianfeng.dai@advantech.com.cn or contact our sales for further information.