With the recent flurry of emails in January 2022 regarding Log4j Vulnerability, we created a Canned response called: Log4j Vulnerability. Use it for responding to emails regarding the Log4j Vulnerability.
The Log4j Vulnerability Canned response contains the following links.
The following solutions do not utilize Java and are NOT affected by the Log4j 2 / Log4Shell vulnerability.
- Sage Estimating | Sage CRE300/100 - https://www.sage.com/en-us/products/sage-300-construction-and-real-estate/
- Eos Navigator - https://eosgroup.com/eos-navigator/
- Eos Cortex - https://eosgroup.com/eos-cortex/
- eTakeoff Dimension - https://etakeoff.com/products/dimension-overview/
- eTakeoff Bridget - https://etakeoff.com/products/bridge-overview/
Reference:
- Wired Article - The Next Wave of Log4J Attacks Will Be Brutal (So far, Log4Shell has resulted mostly in cryptomining and a little espionage. The really bad stuff is just around the corner.) - https://www.wired.com/story/log4j-log4shell-vulnerability-ransomware-second-wave/
- dynatrace Article - What is Log4Shell? The Log4j vulnerability explained (and what to do about it) - https://www.dynatrace.com/news/blog/what-is-log4shell/
- Apache Log4j 2 - https://logging.apache.org/log4j/2.x/
- CVE-2021-44228 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 | https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- CVE-2021-45046 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 | https://nvd.nist.gov/vuln/detail/CVE-2021-45046
- CVE-2021-45105 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 | https://nvd.nist.gov/vuln/detail/CVE-2021-45105
- CVE-2021-44832 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832 | https://nvd.nist.gov/vuln/detail/CVE-2021-44832