Vulnerability Scan Results: CVE-2021-44228 Log4j - superseded
Log In or Register to download the BES file, and more.

2 Votes

Versioning - This is an older version.

1Vulnerability Scan Results: CVE-2021-44228 Log4j12/10/2021 9:52:42 AM
2Vulnerability Scan Results: CVE-2021-44228 Log4j12/10/2021 10:21:09 AM
3Vulnerability Scan Results: CVE-2021-44228 Log4j12/11/2021 10:06:23 AM
4Vulnerability Scan Results: CVE-2021-44228 Log4j12/11/2021 10:07:46 AM
5Vulnerability Scan Results: CVE-2021-44228 Log4j12/13/2021 7:45:47 AM
6Vulnerability Scan Results: CVE-2021-44228 Log4j12/13/2021 8:44:24 AM
7Vulnerability Scan Results: CVE-2021-44228 Log4j12/13/2021 10:57:04 AM
8Vulnerability Scan Results: CVE-2021-44228 Log4j12/13/2021 11:21:29 AM
9Vulnerability Scan Results: CVE-2021-44228 Log4j12/14/2021 9:37:56 AM
10Vulnerability Scan Results: CVE-2021-44228 Log4j12/16/2021 1:04:25 PM
11DEPRECATED - Vulnerability Scan Results: CVE-2021-44228 Log4j12/16/2021 3:19:21 PM

Description

This Analysis parses the results of a scan for vulnerable Log4j files based on CVE-2021-44228

Update 12/13/2021:

* Shorter matching product names for sha256 comparison.

* Add sha1 comparison

* Use 'native file' if available, to avoid Wow64 Redirection on 64-bit Windows

Update 12/13/2021.02:

* Avoid `storage folder of client` in favor of `folder(pathname of parent folder of parent folder of client folder of site "actionsite")` , to handle much older BES Client versions.


Property Details

ID2998663
StatusAlpha - Code that was just developed
TitleVulnerability Scan Results: CVE-2021-44228 Log4j
DomainBESC
KeywordsCVE, CVE-2021-44228, Log4j, vulnerability, scan
Added by on 12/13/2021 8:44:24 AM
Last Modified by on 12/13/2021 8:44:24 AM
Counters 2094 Views / 34 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

CVE-2021-44228 - Scan Results Exist
Period 1 hour
 
  * Results in a true/false
Show indented relevance
exists files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Scan Completion Time
Period 1 hour
 
  * Results in a true/false
Show indented relevance
modification times of files "BPS-Scans/CVE-2021-44228.txt" whose ((if exists property "locked lines" then (locked line (number of locked lines of it) of it) else (line (number of lines of it) of it)) starts with "SCAN_COMPLETE") of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Log4j pathnames
Period 1 hour
 
  * Results in a true/false
Show indented relevance
(if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Log4j potentially vulnerable pathnames
Period 1 hour
 
  * Results in a true/false
Show indented relevance
it whose (not exists (following texts of last "log4j-core" of it) whose (it as version >= version "2.15.0")) of (it as string) of (if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Log4j path, sha256, and matching known version
Period 1 hour
 
  * Results in a true/false
Show indented relevance
(item 0 of item 0 of it, item 1 of item 0 of it, unique value of following text of first ":" of item 1 of (item 1 of item 0 of it, elements of item 1 of it) whose (item 0 of it = preceding text of first ":" of item 1 of it) | "Not Matched") of ((it, sha256 of (if exists property "native file" then native file(it) else file(it)) | "Not Found") of (it as string) of (if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite"), set of ("bf4f41403280c1b115650d470f9b260a5c9042c04d9bcc2a6ca504a66379b2d6:log4j-core-2.0-alpha2.jar"; "58e9f72081efff9bdaabd82e3b3efe5b1b9f1666cefe28f429ad7176a6d770ae:log4j-core-2.0-beta1.jar"; "ed285ad5ac6a8cf13461d6c2874fdcd3bf67002844831f66e21c2d0adda43fa4:log4j-core-2.0-beta2.jar"; "dbf88c623cc2ad99d82fa4c575fb105e2083465a47b84d64e2e1a63e183c274e:log4j-core-2.0-beta3.jar"; "a38ddff1e797adb39a08876932bc2538d771ff7db23885fb883fec526aff4fc8:log4j-core-2.0-beta4.jar"; "7d86841489afd1097576a649094ae1efb79b3147cd162ba019861dfad4e9573b:log4j-core-2.0-beta5.jar"; "4bfb0d5022dc499908da4597f3e19f9f64d3cc98ce756a2249c72179d3d75c47:log4j-core-2.0-beta6.jar"; "473f15c04122dad810c919b2f3484d46560fd2dd4573f6695d387195816b02a6:log4j-core-2.0-beta7.jar"; "b3fae4f84d4303cdbad4696554b4e8d2381ad3faf6e0c3c8d2ce60a4388caa02:log4j-core-2.0-beta8.jar"; "dcde6033b205433d6e9855c93740f798951fa3a3f252035a768d9f356fde806d:log4j-core-2.0-beta9.jar"; "85338f694c844c8b66d8a1b981bcf38627f95579209b2662182a009d849e1a4c:log4j-core-2.0.jar"; "db3906edad6009d1886ec1e2a198249b6d99820a3575f8ec80c6ce57f08d521a:log4j-core-2.0-rc1.jar"; "ec411a34fee49692f196e4dc0a905b25d0667825904862fdba153df5e53183e0:log4j-core-2.0-rc2.jar"; "a00a54e3fb8cb83fab38f8714f240ecc13ab9c492584aa571aec5fc71b48732d:log4j-core-2.0.1.jar"; "c584d1000591efa391386264e0d43ec35f4dbb146cad9390f73358d9c84ee78d:log4j-core-2.0.2.jar"; "8bdb662843c1f4b120fb4c25a5636008085900cdf9947b1dadb9b672ea6134dc:log4j-core-2.1.jar"; "c830cde8f929c35dad42cbdb6b28447df69ceffe99937bf420d32424df4d076a:log4j-core-2.2.jar"; "6ae3b0cb657e051f97835a6432c2b0f50a651b36b6d4af395bbe9060bb4ef4b2:log4j-core-2.3.jar"; "535e19bf14d8c76ec00a7e8490287ca2e2597cae2de5b8f1f65eb81ef1c2a4c6:log4j-core-2.4.jar"; "42de36e61d454afff5e50e6930961c85b55d681e23931efd248fd9b9b9297239:log4j-core-2.4.1.jar"; "4f53e4d52efcccdc446017426c15001bb0fe444c7a6cdc9966f8741cf210d997:log4j-core-2.5.jar"; "df00277045338ceaa6f70a7b8eee178710b3ba51eac28c1142ec802157492de6:log4j-core-2.6.jar"; "28433734bd9e3121e0a0b78238d5131837b9dbe26f1a930bc872bad44e68e44e:log4j-core-2.6.1.jar"; "cf65f0d33640f2cd0a0b06dd86a5c6353938ccb25f4ffd14116b4884181e0392:log4j-core-2.6.2.jar"; "5bb84e110d5f18cee47021a024d358227612dd6dac7b97fa781f85c6ad3ccee4:log4j-core-2.7.jar"; "ccf02bb919e1a44b13b366ea1b203f98772650475f2a06e9fac4b3c957a7c3fa:log4j-core-2.8.jar"; "815a73e20e90a413662eefe8594414684df3d5723edcd76070e1a5aee864616e:log4j-core-2.8.1.jar"; "10ef331115cbbd18b5be3f3761e046523f9c95c103484082b18e67a7c36e570c:log4j-core-2.8.2.jar"; "dc815be299f81c180aa8d2924f1b015f2c46686e866bc410e72de75f7cd41aae:log4j-core-2.9.0.jar"; "9275f5d57709e2204900d3dae2727f5932f85d3813ad31c9d351def03dd3d03d:log4j-core-2.9.1.jar"; "f35ccc9978797a895e5bee58fa8c3b7ad6d5ee55386e9e532f141ee8ed2e937d:log4j-core-2.10.0.jar"; "5256517e6237b888c65c8691f29219b6658d800c23e81d5167c4a8bbd2a0daa3:log4j-core-2.11.0.jar"; "d4485176aea67cc85f5ccc45bb66166f8bfc715ae4a695f0d870a1f8d848cc3d:log4j-core-2.11.1.jar"; "3fcc4c1f2f806acfc395144c98b8ba2a80fe1bf5e3ad3397588bbd2610a37100:log4j-core-2.11.2.jar"; "057a48fe378586b6913d29b4b10162b4b5045277f1be66b7a01fb7e30bd05ef3:log4j-core-2.12.0.jar"; "5dbd6bb2381bf54563ea15bc9fbb6d7094eaf7184e6975c50f8996f77bfc3f2c:log4j-core-2.12.1.jar"; "c39b0ea14e7766440c59e5ae5f48adee038d9b1c7a1375b376e966ca12c22cd3:log4j-core-2.13.0.jar"; "6f38a25482d82cd118c4255f25b9d78d96821d22bab498cdce9cda7a563ca992:log4j-core-2.13.1.jar"; "54962835992e303928aa909730ce3a50e311068c0960c708e82ab76701db5e6b:log4j-core-2.13.2.jar"; "e5e9b0f8d72f4e7b9022b7a83c673334d7967981191d2d98f9c57dc97b4caae1:log4j-core-2.13.3.jar"; "68d793940c28ddff6670be703690dfdf9e77315970c42c4af40ca7261a8570fa:log4j-core-2.14.0.jar"; "9da0f5ca7c8eab693d090ae759275b9db4ca5acdbcfe4a63d3871e0b17367463:log4j-core-2.14.1.jar"; "006fc6623fbb961084243cfc327c885f3c57f2eba8ee05fbc4e93e5358778c85:log4j-core-2.0-alpha1.jar"; "e7048ad52e3b6f1267b7ceb2c07200a5ce61271bcf59f98fd238bf60e4137932:log4j-core-2.15.0.jar"))
CVE-2021-44228 - Log4j path, sha1, and matching known version
Period 1 hour
 
  * Results in a true/false
Show indented relevance
(item 0 of item 0 of it, item 1 of item 0 of it, unique value of following text of first ":" of item 1 of (item 1 of item 0 of it, elements of item 1 of it) whose (item 0 of it = preceding text of first ":" of item 1 of it) | "Not Matched") of ((it, sha1 of (if exists property "native file" then native file (it) else file(it)) | "Not Found") of (it as string) of (if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite"), set of ("685125b7b8bbd7c2f58259937090ac2ae9bcb129:log4j-core-2.0-alpha2.jar"; "7058796a0aa49ea21ea2cc7bf9dece0d3b8942ae:log4j-core-2.0-beta1.jar"; "b5f9c15e1fb18d84193ac10e4bfb88af1724f5cd:log4j-core-2.0-beta2.jar"; "80b690d982b030fb2f04854407744ff44e0b72ea:log4j-core-2.0-beta3.jar"; "8f87799c2bd24c120812ed3d5271b743cfc999b5:log4j-core-2.0-beta4.jar"; "b853dec96e815981280fb9a1cc08332a6ed946f9:log4j-core-2.0-beta5.jar"; "1fb514bfbec10815d68953ed2fc4dd8c98ee245f:log4j-core-2.0-beta6.jar"; "a727fe8e718b18d541f67077c99b2ca129f77065:log4j-core-2.0-beta7.jar"; "f6ed9c56c8d58c4670059ddf417df23c9a78ff30:log4j-core-2.0-beta8.jar"; "678861ba1b2e1fccb594bb0ca03114bb05da9695:log4j-core-2.0-beta9.jar"; "7621fe28ce0122d96006bdb56c8e2cfb2a3afb92:log4j-core-2.0.jar"; "4363cdf913a584fe8fa72cf4c0eaae181ef7d1eb:log4j-core-2.0-rc1.jar"; "2e8d52acfc8c2bbbaa7baf9f3678826c354f5405:log4j-core-2.0-rc2.jar"; "895130076efaf6dcafb741ed7e97f2d346903708:log4j-core-2.0.1.jar"; "13521c5364501478e28c77a7f86b90b6ed5dbb77:log4j-core-2.0.2.jar"; "31823dcde108f2ea4a5801d1acc77869d7696533:log4j-core-2.1.jar"; "c707664e020218f8529b9a5e55016ee15f0f82ac:log4j-core-2.2.jar"; "58a3e964db5307e30650817c5daac1e8c8ede648:log4j-core-2.3.jar"; "0d99532ba3603f27bebf4cdd3653feb0e0b84cf6:log4j-core-2.4.jar"; "a5334910f90944575147fd1c1aef9f407c24db99:log4j-core-2.4.1.jar"; "7ed845de1dfe070d43511fab321784e6c4118398:log4j-core-2.5.jar"; "a7cb258b9c36f49c148834a3a35b53fe73c28777:log4j-core-2.6.jar"; "2b557bf1023c3a3a0f7f200fafcd7641b89cbb83:log4j-core-2.6.1.jar"; "00a91369f655eb1639c6aece5c5eb5108db18306:log4j-core-2.6.2.jar"; "a3f2b4e64c61a7fc1ed8f1e5ba371933404ed98a:log4j-core-2.7.jar"; "2be463a710be42bb6b4831b980f0d270b98ff233:log4j-core-2.8.jar"; "4ac28ff2f1ddf05dae3043a190451e8c46b73c31:log4j-core-2.8.1.jar"; "979fc0cf8460302e4ffbfe38c1b66a99450b0bb7:log4j-core-2.8.2.jar"; "ff857555cec4635c272286a260dbd7979c89d5b8:log4j-core-2.9.0.jar"; "8c59f9db4e5eebf7e99aa0ed2eb129bd5d8ef4f8:log4j-core-2.9.1.jar"; "989bbd2b84eba4b88a4b2a889393fac5b297e1df:log4j-core-2.10.0.jar"; "3b1c23b9117786e23cc3be6224b484d77c50c1f2:log4j-core-2.11.0.jar"; "38b9c3790c99cef205a890db876c89fd9238706c:log4j-core-2.11.1.jar"; "5bcfefcd7474c2f439576a1839ea0aeeec07f3b6:log4j-core-2.11.2.jar"; "73fe23297ccf73bad25a04e089d9627f8bf3041f:log4j-core-2.12.0.jar"; "c28f281548582ec68376e66dbde48be24fcdb457:log4j-core-2.12.1.jar"; "ef568faca168deee9adbe6f42ca8f4de6ca4557b:log4j-core-2.13.0.jar"; "5eb5ab96f8fc087135ef969ed99c76b64d255d44:log4j-core-2.13.1.jar"; "16f7b2f63b0290281294c2cbc4f26ba32f71de34:log4j-core-2.13.2.jar"; "6556d71742808e4324eabc500bd7f2cc8c004440:log4j-core-2.13.3.jar"; "94bc1813a537b3b5c04f9b4adead3c434f364a70:log4j-core-2.14.0.jar"; "c476bd8acb6e7e55f14195a88fa8802687fcf542:log4j-core-2.14.1.jar"; "e7dc681a6da4f2f203dccd1068a1ea090f67a057:log4j-core-2.0-alpha1.jar";"9bd89149d5083a2a3ab64dcc88b0227da14152ec:log4j-core-2.15.0.jar"))

Relevance

Used in 29 fixlets and 15 analyses   * Results in a true/false
Show indented relevance
if exists property "in proxy agent context" then not in proxy agent context else true

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
myee17 -
Anyone have a remediation fix for when vulnerabilities are found?
JasonWalker -
This latest version features a much better description, less frequent evaluation of the properties, and filters out known extraneous data such as results for "log4j-core-X-javadoc.jar" and "log4j-core-X-tests.jar"