Vulnerability Scan Results: CVE-2021-44228 Log4j - superseded
0 Votes |
Versioning - This is an older version.
1 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/10/2021 9:52:42 AM |
2 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/10/2021 10:21:09 AM |
3 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/11/2021 10:06:23 AM |
4 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/11/2021 10:07:46 AM |
5 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 7:45:47 AM |
6 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 8:44:24 AM |
7 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 10:57:04 AM |
8 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 11:21:29 AM |
9 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/14/2021 9:37:56 AM |
10 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/16/2021 1:04:25 PM |
11 | DEPRECATED - Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/16/2021 3:19:21 PM |
Description
This Analysis parses the results of a scan for vulnerable Log4j files based on CVE-2021-44228.
Versions of Log4j-core lower than 2.15.0 may be vulnerable to CVE-2021-44228 as described at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
This Analyses parses results of a filesystem scan executed by the accompanying Task.
Properties reported:
- CVE-2021-44228 - Scan Results Exist - Indicates the scan has been performed on the affected endpoint.
- CVE-2021-44228 - Scan Completion Time - Indicates the time the scan completed, if the scan is not still in progress.
- CVE-2021-44228 - Log4j pathnames - Indicates the file paths where any log4j-core*.jar file has been found
- CVE-2021-44228 - Log4j potentially vulnerable pathnames - Based on the log4j-core file name, indicates any paths where a version earlier than 2.15.0 may be found
- CVE-2021-44228 - Log4j path, sha256, and matching known version - For all detected log4j-core-X.jar files, compare the given file to a list of known sha256 hashes and indicate whether the file matches any of the known hashes
- CVE-2021-44228 - Log4j path, sha1, and matching known version - For all detected log4j-core-X.jar files, compare the given file to a list of known sha1 hashes and indicate whether the file matches any of the known hashes. This is useful for older BigFix clients that may lack the sha256 inspector.
The comparison between detected files, and known sha256 / sha1 hashes, can be helpful to indicate whether a given file has been replaced by the corrected 2.15.0 version while keeping an earlier version filename for application compatibility.
Update 12/13/2021:
* Shorter matching product names for sha256 comparison.
* Add sha1 comparison
* Use 'native file' if available, to avoid Wow64 Redirection on 64-bit Windows
Update 12/13/2021.02:
* Avoid `storage folder of client` in favor of `folder(pathname of parent folder of parent folder of client folder of site "actionsite")` , to handle much older BES Client versions.
Property Details
2998664 | |
Alpha - Code that was just developed | |
Vulnerability Scan Results: CVE-2021-44228 Log4j | |
BESC | |
CVE, CVE-2021-44228, Log4j, vulnerability, scan | |
JasonWalker on 12/13/2021 10:57:04 AM | |
JasonWalker on 12/13/2021 10:57:04 AM | |
551 Views / 6 Downloads | |
![]() ![]() ![]() ![]() ![]() |
Properties
* Results in a true/false |

* Results in a true/false |

* Results in a true/false |

* Results in a true/false |

* Results in a true/false |

* Results in a true/false |

Relevance

Sharing
Social Media: |
Comments
![]() |
|
How do you review the flagged devices after running this? |
![]() |
|
Anyone have a remediation fix for when vulnerabilities are found? |
![]() |
|
Removed the sha256 comparisons. |
![]() |
|
This latest version features a much better description, less frequent evaluation of the properties, and filters out known extraneous data such as results for "log4j-core-X-javadoc.jar" and "log4j-core-X-tests.jar" |