Vulnerability Scan Results: CVE-2021-44228 Log4j - superseded

Versioning - This is an older version.

1. Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/10/2021 9:52:42 AM
2. Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/10/2021 10:21:09 AM
3. Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/11/2021 10:06:23 AM
4. Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/11/2021 10:07:46 AM
5. Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/13/2021 7:45:47 AM
6. Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/13/2021 8:44:24 AM
7. Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/13/2021 10:57:04 AM
8. Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/13/2021 11:21:29 AM
9. Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/14/2021 9:37:56 AM
10. Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/16/2021 1:04:25 PM
11. DEPRECATED - Vulnerability Scan Results: CVE-2021-44228 Log4j - 12/16/2021 3:19:21 PM

Description

This Analysis parses the results of a scan for vulnerable Log4j files based on CVE-2021-44228.

Versions of Log4j-core lower than 2.15.0 may be vulnerable to CVE-2021-44228 as described at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

This Analysis parses the results of a filesystem scan executed by the accompanying Task.

Properties reported:

  • CVE-2021-44228 - Scan Results Exist - Indicates the scan has been performed on the affected endpoint.
  • CVE-2021-44228 - Scan Completion Time - Indicates the time the scan completed, if the scan is not still in progress.
  • CVE-2021-44228 - Log4j pathnames - Indicates the file paths where any log4j-core*.jar file has been found.
  • CVE-2021-44228 - Log4j potentially vulnerable pathnames - Based on the log4j-core file name, indicates any paths where a version earlier than 2.15.0 may be found.
  • CVE-2021-44228 - Log4j path, sha256, and matching known version - For all detected log4j-core-X.jar files, compares the given file to a list of known sha256 hashes and indicates whether the file matches any of the known hashes.
  • CVE-2021-44228 - Log4j path, sha1, and matching known version - For all detected log4j-core-X.jar files, compares the given file to a list of known sha1 hashes and indicates whether the file matches any of the known hashes. This is useful for older BigFix clients that may lack the sha256 inspector.

Comparing detected files against the known sha256 / sha1 hashes can help indicate whether a given file has been replaced by the corrected 2.15.0 version while keeping an earlier version's filename for application compatibility.
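The name-based and hash-based checks described above, sketched in Python as an added example (not the analysis's own relevance, and not code from the original page). It assumes the scan file holds one jar path per line followed by a final line starting with SCAN_COMPLETE; the jar contents and the known-hash table are constructed for the demonstration.

```python
import hashlib, re, tempfile
from pathlib import Path

SKIP = ("-javadoc.jar", "-sources.jar", "-tests.jar")  # same exclusions as the analysis
FIXED = (2, 15, 0)

def jar_paths(results_text):
    """Paths from the scan file, minus the SCAN_COMPLETE marker and non-runtime jars."""
    return [l.strip() for l in results_text.splitlines()
            if l.strip() and not l.startswith("SCAN_COMPLETE")
            and not l.strip().lower().endswith(SKIP)]

def flagged_by_name(path):
    """True unless the text after the last 'log4j-core' parses as a version >= 2.15.0."""
    m = re.match(r"-(\d+(?:\.\d+)*)", path.rpartition("log4j-core")[2])
    if not m:
        return True  # no parsable version: treat as potentially vulnerable
    v = tuple(int(p) for p in m.group(1).split("."))
    return (v + (0, 0, 0))[:3] < FIXED

def classify(path, known):
    """(flagged_by_name, sha256 or 'Not Found', matched release or 'Not Matched')."""
    try:
        digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    except OSError:
        digest = "Not Found"
    return flagged_by_name(path), digest, known.get(digest, "Not Matched")

def demo():
    """Run against constructed files; jar bytes and the hash table are made up."""
    new, old = b"constructed 2.15.0 bytes", b"constructed 2.14.1 bytes"
    known = {hashlib.sha256(new).hexdigest(): "log4j-core-2.15.0.jar",
             hashlib.sha256(old).hexdigest(): "log4j-core-2.14.1.jar"}
    with tempfile.TemporaryDirectory() as d:
        files = {"a/log4j-core-2.14.1.jar": new,             # fixed jar kept under old name
                 "b/log4j-core-2.15.0.jar": b"repackaged",   # name looks fixed, hash unknown
                 "c/log4j-core-2.14.1-javadoc.jar": b"docs"} # filtered out
        for rel, data in files.items():
            p = Path(d, rel); p.parent.mkdir(parents=True); p.write_bytes(data)
        lines = [str(Path(d, rel)) for rel in files] + [str(Path(d, "gone/log4j-core-2.3.jar"))]
        text = "\n".join(lines) + "\nSCAN_COMPLETE constructed-timestamp\n"
        # Keep (flagged_by_name, matched release) per parent folder name
        return {Path(p).parent.name: classify(p, known)[::2] for p in jar_paths(text)}

if __name__ == "__main__":
    print(demo())
```

Folder "a" is the case the paragraph describes: the file name is flagged as earlier than 2.15.0, but the hash matches the corrected release.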

Update 12/13/2021:

* Shorter matching product names for sha256 comparison.

* Add sha1 comparison

* Use 'native file' if available, to avoid Wow64 Redirection on 64-bit Windows

Update 12/13/2021.02:

* Avoid `storage folder of client` in favor of `folder(pathname of parent folder of parent folder of client folder of site "actionsite")` , to handle much older BES Client versions.


Property Details

ID: 2998664
Status: Alpha - Code that was just developed
Title: Vulnerability Scan Results: CVE-2021-44228 Log4j
Domain: BESC
Keywords: CVE, CVE-2021-44228, Log4j, vulnerability, scan
Added by on 12/13/2021 10:57:04 AM
Last Modified by on 12/13/2021 10:57:04 AM
Counters 464 Views / 6 Downloads

Properties

CVE-2021-44228 - Scan Results Exist
Period 6 hours
 
  * Results in a true/false
exists files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Scan Completion Time
Period 6 hours
 
modification times of files "BPS-Scans/CVE-2021-44228.txt" whose ((if exists property "locked lines" then (locked line (number of locked lines of it) of it) else (line (number of lines of it) of it)) starts with "SCAN_COMPLETE") of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Log4j pathnames
Period 6 hours
 
(if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE" and it as lowercase does not end with "-javadoc.jar" and it as lowercase does not end with "-sources.jar" and it as lowercase does not end with "-tests.jar") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Log4j potentially vulnerable pathnames
Period 6 hours
 
it whose (not exists (following texts of last "log4j-core" of it) whose (it as version >= version "2.15.0")) of (it as string) of (if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE" and it as lowercase does not end with "-javadoc.jar" and it as lowercase does not end with "-sources.jar" and it as lowercase does not end with "-tests.jar") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Log4j path, sha256, and matching known version
Period 6 hours
 
(item 0 of item 0 of it, item 1 of item 0 of it, unique value of following text of first ":" of item 1 of (item 1 of item 0 of it, elements of item 1 of it) whose (item 0 of it = preceding text of first ":" of item 1 of it) | "Not Matched") of ((it, sha256 of (if exists property "native file" then native file(it) else file(it)) | "Not Found") of (it as string) of (if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE" and it as lowercase does not end with "-javadoc.jar" and it as lowercase does not end with "-sources.jar" and it as lowercase does not end with "-tests.jar") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite"), set of ("bf4f41403280c1b115650d470f9b260a5c9042c04d9bcc2a6ca504a66379b2d6:log4j-core-2.0-alpha2.jar"; "58e9f72081efff9bdaabd82e3b3efe5b1b9f1666cefe28f429ad7176a6d770ae:log4j-core-2.0-beta1.jar"; "ed285ad5ac6a8cf13461d6c2874fdcd3bf67002844831f66e21c2d0adda43fa4:log4j-core-2.0-beta2.jar"; "dbf88c623cc2ad99d82fa4c575fb105e2083465a47b84d64e2e1a63e183c274e:log4j-core-2.0-beta3.jar"; "a38ddff1e797adb39a08876932bc2538d771ff7db23885fb883fec526aff4fc8:log4j-core-2.0-beta4.jar"; "7d86841489afd1097576a649094ae1efb79b3147cd162ba019861dfad4e9573b:log4j-core-2.0-beta5.jar"; "4bfb0d5022dc499908da4597f3e19f9f64d3cc98ce756a2249c72179d3d75c47:log4j-core-2.0-beta6.jar"; "473f15c04122dad810c919b2f3484d46560fd2dd4573f6695d387195816b02a6:log4j-core-2.0-beta7.jar"; "b3fae4f84d4303cdbad4696554b4e8d2381ad3faf6e0c3c8d2ce60a4388caa02:log4j-core-2.0-beta8.jar"; "dcde6033b205433d6e9855c93740f798951fa3a3f252035a768d9f356fde806d:log4j-core-2.0-beta9.jar"; "85338f694c844c8b66d8a1b981bcf38627f95579209b2662182a009d849e1a4c:log4j-core-2.0.jar"; "db3906edad6009d1886ec1e2a198249b6d99820a3575f8ec80c6ce57f08d521a:log4j-core-2.0-rc1.jar"; "ec411a34fee49692f196e4dc0a905b25d0667825904862fdba153df5e53183e0:log4j-core-2.0-rc2.jar"; 
"a00a54e3fb8cb83fab38f8714f240ecc13ab9c492584aa571aec5fc71b48732d:log4j-core-2.0.1.jar"; "c584d1000591efa391386264e0d43ec35f4dbb146cad9390f73358d9c84ee78d:log4j-core-2.0.2.jar"; "8bdb662843c1f4b120fb4c25a5636008085900cdf9947b1dadb9b672ea6134dc:log4j-core-2.1.jar"; "c830cde8f929c35dad42cbdb6b28447df69ceffe99937bf420d32424df4d076a:log4j-core-2.2.jar"; "6ae3b0cb657e051f97835a6432c2b0f50a651b36b6d4af395bbe9060bb4ef4b2:log4j-core-2.3.jar"; "535e19bf14d8c76ec00a7e8490287ca2e2597cae2de5b8f1f65eb81ef1c2a4c6:log4j-core-2.4.jar"; "42de36e61d454afff5e50e6930961c85b55d681e23931efd248fd9b9b9297239:log4j-core-2.4.1.jar"; "4f53e4d52efcccdc446017426c15001bb0fe444c7a6cdc9966f8741cf210d997:log4j-core-2.5.jar"; "df00277045338ceaa6f70a7b8eee178710b3ba51eac28c1142ec802157492de6:log4j-core-2.6.jar"; "28433734bd9e3121e0a0b78238d5131837b9dbe26f1a930bc872bad44e68e44e:log4j-core-2.6.1.jar"; "cf65f0d33640f2cd0a0b06dd86a5c6353938ccb25f4ffd14116b4884181e0392:log4j-core-2.6.2.jar"; "5bb84e110d5f18cee47021a024d358227612dd6dac7b97fa781f85c6ad3ccee4:log4j-core-2.7.jar"; "ccf02bb919e1a44b13b366ea1b203f98772650475f2a06e9fac4b3c957a7c3fa:log4j-core-2.8.jar"; "815a73e20e90a413662eefe8594414684df3d5723edcd76070e1a5aee864616e:log4j-core-2.8.1.jar"; "10ef331115cbbd18b5be3f3761e046523f9c95c103484082b18e67a7c36e570c:log4j-core-2.8.2.jar"; "dc815be299f81c180aa8d2924f1b015f2c46686e866bc410e72de75f7cd41aae:log4j-core-2.9.0.jar"; "9275f5d57709e2204900d3dae2727f5932f85d3813ad31c9d351def03dd3d03d:log4j-core-2.9.1.jar"; "f35ccc9978797a895e5bee58fa8c3b7ad6d5ee55386e9e532f141ee8ed2e937d:log4j-core-2.10.0.jar"; "5256517e6237b888c65c8691f29219b6658d800c23e81d5167c4a8bbd2a0daa3:log4j-core-2.11.0.jar"; "d4485176aea67cc85f5ccc45bb66166f8bfc715ae4a695f0d870a1f8d848cc3d:log4j-core-2.11.1.jar"; "3fcc4c1f2f806acfc395144c98b8ba2a80fe1bf5e3ad3397588bbd2610a37100:log4j-core-2.11.2.jar"; "057a48fe378586b6913d29b4b10162b4b5045277f1be66b7a01fb7e30bd05ef3:log4j-core-2.12.0.jar"; 
"5dbd6bb2381bf54563ea15bc9fbb6d7094eaf7184e6975c50f8996f77bfc3f2c:log4j-core-2.12.1.jar"; "c39b0ea14e7766440c59e5ae5f48adee038d9b1c7a1375b376e966ca12c22cd3:log4j-core-2.13.0.jar"; "6f38a25482d82cd118c4255f25b9d78d96821d22bab498cdce9cda7a563ca992:log4j-core-2.13.1.jar"; "54962835992e303928aa909730ce3a50e311068c0960c708e82ab76701db5e6b:log4j-core-2.13.2.jar"; "e5e9b0f8d72f4e7b9022b7a83c673334d7967981191d2d98f9c57dc97b4caae1:log4j-core-2.13.3.jar"; "68d793940c28ddff6670be703690dfdf9e77315970c42c4af40ca7261a8570fa:log4j-core-2.14.0.jar"; "9da0f5ca7c8eab693d090ae759275b9db4ca5acdbcfe4a63d3871e0b17367463:log4j-core-2.14.1.jar"; "006fc6623fbb961084243cfc327c885f3c57f2eba8ee05fbc4e93e5358778c85:log4j-core-2.0-alpha1.jar"; "e7048ad52e3b6f1267b7ceb2c07200a5ce61271bcf59f98fd238bf60e4137932:log4j-core-2.15.0.jar"))
CVE-2021-44228 - Log4j path, sha1, and matching known version
Period 6 hours
 
(item 0 of item 0 of it, item 1 of item 0 of it, unique value of following text of first ":" of item 1 of (item 1 of item 0 of it, elements of item 1 of it) whose (item 0 of it = preceding text of first ":" of item 1 of it) | "Not Matched") of ((it, sha1 of (if exists property "native file" then native file (it) else file(it)) | "Not Found") of (it as string) of (if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE" and it as lowercase does not end with "-javadoc.jar" and it as lowercase does not end with "-sources.jar" and it as lowercase does not end with "-tests.jar") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite"), set of ("685125b7b8bbd7c2f58259937090ac2ae9bcb129:log4j-core-2.0-alpha2.jar"; "7058796a0aa49ea21ea2cc7bf9dece0d3b8942ae:log4j-core-2.0-beta1.jar"; "b5f9c15e1fb18d84193ac10e4bfb88af1724f5cd:log4j-core-2.0-beta2.jar"; "80b690d982b030fb2f04854407744ff44e0b72ea:log4j-core-2.0-beta3.jar"; "8f87799c2bd24c120812ed3d5271b743cfc999b5:log4j-core-2.0-beta4.jar"; "b853dec96e815981280fb9a1cc08332a6ed946f9:log4j-core-2.0-beta5.jar"; "1fb514bfbec10815d68953ed2fc4dd8c98ee245f:log4j-core-2.0-beta6.jar"; "a727fe8e718b18d541f67077c99b2ca129f77065:log4j-core-2.0-beta7.jar"; "f6ed9c56c8d58c4670059ddf417df23c9a78ff30:log4j-core-2.0-beta8.jar"; "678861ba1b2e1fccb594bb0ca03114bb05da9695:log4j-core-2.0-beta9.jar"; "7621fe28ce0122d96006bdb56c8e2cfb2a3afb92:log4j-core-2.0.jar"; "4363cdf913a584fe8fa72cf4c0eaae181ef7d1eb:log4j-core-2.0-rc1.jar"; "2e8d52acfc8c2bbbaa7baf9f3678826c354f5405:log4j-core-2.0-rc2.jar"; "895130076efaf6dcafb741ed7e97f2d346903708:log4j-core-2.0.1.jar"; "13521c5364501478e28c77a7f86b90b6ed5dbb77:log4j-core-2.0.2.jar"; "31823dcde108f2ea4a5801d1acc77869d7696533:log4j-core-2.1.jar"; "c707664e020218f8529b9a5e55016ee15f0f82ac:log4j-core-2.2.jar"; "58a3e964db5307e30650817c5daac1e8c8ede648:log4j-core-2.3.jar"; 
"0d99532ba3603f27bebf4cdd3653feb0e0b84cf6:log4j-core-2.4.jar"; "a5334910f90944575147fd1c1aef9f407c24db99:log4j-core-2.4.1.jar"; "7ed845de1dfe070d43511fab321784e6c4118398:log4j-core-2.5.jar"; "a7cb258b9c36f49c148834a3a35b53fe73c28777:log4j-core-2.6.jar"; "2b557bf1023c3a3a0f7f200fafcd7641b89cbb83:log4j-core-2.6.1.jar"; "00a91369f655eb1639c6aece5c5eb5108db18306:log4j-core-2.6.2.jar"; "a3f2b4e64c61a7fc1ed8f1e5ba371933404ed98a:log4j-core-2.7.jar"; "2be463a710be42bb6b4831b980f0d270b98ff233:log4j-core-2.8.jar"; "4ac28ff2f1ddf05dae3043a190451e8c46b73c31:log4j-core-2.8.1.jar"; "979fc0cf8460302e4ffbfe38c1b66a99450b0bb7:log4j-core-2.8.2.jar"; "ff857555cec4635c272286a260dbd7979c89d5b8:log4j-core-2.9.0.jar"; "8c59f9db4e5eebf7e99aa0ed2eb129bd5d8ef4f8:log4j-core-2.9.1.jar"; "989bbd2b84eba4b88a4b2a889393fac5b297e1df:log4j-core-2.10.0.jar"; "3b1c23b9117786e23cc3be6224b484d77c50c1f2:log4j-core-2.11.0.jar"; "38b9c3790c99cef205a890db876c89fd9238706c:log4j-core-2.11.1.jar"; "5bcfefcd7474c2f439576a1839ea0aeeec07f3b6:log4j-core-2.11.2.jar"; "73fe23297ccf73bad25a04e089d9627f8bf3041f:log4j-core-2.12.0.jar"; "c28f281548582ec68376e66dbde48be24fcdb457:log4j-core-2.12.1.jar"; "ef568faca168deee9adbe6f42ca8f4de6ca4557b:log4j-core-2.13.0.jar"; "5eb5ab96f8fc087135ef969ed99c76b64d255d44:log4j-core-2.13.1.jar"; "16f7b2f63b0290281294c2cbc4f26ba32f71de34:log4j-core-2.13.2.jar"; "6556d71742808e4324eabc500bd7f2cc8c004440:log4j-core-2.13.3.jar"; "94bc1813a537b3b5c04f9b4adead3c434f364a70:log4j-core-2.14.0.jar"; "c476bd8acb6e7e55f14195a88fa8802687fcf542:log4j-core-2.14.1.jar"; "e7dc681a6da4f2f203dccd1068a1ea090f67a057:log4j-core-2.0-alpha1.jar";"9bd89149d5083a2a3ab64dcc88b0227da14152ec:log4j-core-2.15.0.jar"))

Relevance

Used in 28 fixlets and 15 analyses   * Results in a true/false
if exists property "in proxy agent context" then not in proxy agent context else true


Comments

sargonias -
How do you review the flagged devices after running this?
myee17 -
Anyone have a remediation fix for when vulnerabilities are found?
JasonWalker -
Removed the sha256 comparisons.
JasonWalker -
This latest version features a much better description, less frequent evaluation of the properties, and filters out known extraneous data such as results for "log4j-core-X-javadoc.jar" and "log4j-core-X-tests.jar"