Vulnerability Scan Results: CVE-2021-44228 Log4j - superseded
| 0 Votes |
Versioning - This is an older version.
| 1 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/10/2021 9:52:42 AM |
| 2 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/10/2021 10:21:09 AM |
| 3 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/11/2021 10:06:23 AM |
| 4 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/11/2021 10:07:46 AM |
| 5 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 7:45:47 AM |
| 6 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 8:44:24 AM |
| 7 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 10:57:04 AM |
| 8 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 11:21:29 AM |
| 9 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/14/2021 9:37:56 AM |
| 10 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/16/2021 1:04:25 PM |
| 11 | DEPRECATED - Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/16/2021 3:19:21 PM |
Description
This Analysis parses the results of a scan for vulnerable Log4j files based on CVE-2021-44228.
Versions of Log4j-core lower than 2.15.0 may be vulnerable to CVE-2021-44228 as described at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
This Analyses parses results of a filesystem scan executed by the accompanying Task.
Properties reported:
- CVE-2021-44228 - Scan Results Exist - Indicates the scan has been performed on the affected endpoint.
- CVE-2021-44228 - Scan Completion Time - Indicates the time the scan completed, if the scan is not still in progress.
- CVE-2021-44228 - Log4j pathnames - Indicates the file paths where any log4j-core*.jar file has been found
- CVE-2021-44228 - Log4j potentially vulnerable pathnames - Based on the log4j-core file name, indicates any paths where a version earlier than 2.15.0 may be found
- CVE-2021-44228 - Log4j path, sha256, and matching known version - For all detected log4j-core-X.jar files, compare the given file to a list of known sha256 hashes and indicate whether the file matches any of the known hashes
- CVE-2021-44228 - Log4j path, sha1, and matching known version - For all detected log4j-core-X.jar files, compare the given file to a list of known sha1 hashes and indicate whether the file matches any of the known hashes. This is useful for older BigFix clients that may lack the sha256 inspector.
The comparison between detected files, and known sha256 / sha1 hashes, can be helpful to indicate whether a given file has been replaced by the corrected 2.15.0 version while keeping an earlier version filename for application compatibility.
Update 12/13/2021:
* Shorter matching product names for sha256 comparison.
* Add sha1 comparison
* Use 'native file' if available, to avoid Wow64 Redirection on 64-bit Windows
Update 12/13/2021.02:
* Avoid `storage folder of client` in favor of `folder(pathname of parent folder of parent folder of client folder of site "actionsite")` , to handle much older BES Client versions.
Property Details
| 2998664 | |
| Alpha - Code that was just developed | |
| Vulnerability Scan Results: CVE-2021-44228 Log4j | |
| BESC | |
| CVE, CVE-2021-44228, Log4j, vulnerability, scan | |
| JasonWalker on 12/13/2021 10:57:04 AM | |
| JasonWalker on 12/13/2021 10:57:04 AM | |
| 464 Views / 6 Downloads | |
* Average over 0 ratings.
** Log In or Register to add your rating.
|
Properties
CVE-2021-44228 - Scan Results Exist
Period
6 hours
| * Results in a true/false |
exists files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Scan Completion Time
Period
6 hours
| * Results in a true/false |
modification times of files "BPS-Scans/CVE-2021-44228.txt" whose ((if exists property "locked lines" then (locked line (number of locked lines of it) of it) else (line (number of lines of it) of it)) starts with "SCAN_COMPLETE") of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Log4j pathnames
Period
6 hours
| * Results in a true/false |
(if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE" and it as lowercase does not end with "-javadoc.jar" and it as lowercase does not end with "-sources.jar" and it as lowercase does not end with "-tests.jar") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Log4j potentially vulnerable pathnames
Period
6 hours
| * Results in a true/false |
it whose (not exists (following texts of last "log4j-core" of it) whose (it as version >= version "2.15.0")) of (it as string) of (if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE" and it as lowercase does not end with "-javadoc.jar" and it as lowercase does not end with "-sources.jar" and it as lowercase does not end with "-tests.jar") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite")
CVE-2021-44228 - Log4j path, sha256, and matching known version
Period
6 hours
| * Results in a true/false |
(item 0 of item 0 of it, item 1 of item 0 of it, unique value of following text of first ":" of item 1 of (item 1 of item 0 of it, elements of item 1 of it) whose (item 0 of it = preceding text of first ":" of item 1 of it) | "Not Matched") of ((it, sha256 of (if exists property "native file" then native file(it) else file(it)) | "Not Found") of (it as string) of (if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE" and it as lowercase does not end with "-javadoc.jar" and it as lowercase does not end with "-sources.jar" and it as lowercase does not end with "-tests.jar") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite"), set of ("bf4f41403280c1b115650d470f9b260a5c9042c04d9bcc2a6ca504a66379b2d6:log4j-core-2.0-alpha2.jar"; "58e9f72081efff9bdaabd82e3b3efe5b1b9f1666cefe28f429ad7176a6d770ae:log4j-core-2.0-beta1.jar"; "ed285ad5ac6a8cf13461d6c2874fdcd3bf67002844831f66e21c2d0adda43fa4:log4j-core-2.0-beta2.jar"; "dbf88c623cc2ad99d82fa4c575fb105e2083465a47b84d64e2e1a63e183c274e:log4j-core-2.0-beta3.jar"; "a38ddff1e797adb39a08876932bc2538d771ff7db23885fb883fec526aff4fc8:log4j-core-2.0-beta4.jar"; "7d86841489afd1097576a649094ae1efb79b3147cd162ba019861dfad4e9573b:log4j-core-2.0-beta5.jar"; "4bfb0d5022dc499908da4597f3e19f9f64d3cc98ce756a2249c72179d3d75c47:log4j-core-2.0-beta6.jar"; "473f15c04122dad810c919b2f3484d46560fd2dd4573f6695d387195816b02a6:log4j-core-2.0-beta7.jar"; "b3fae4f84d4303cdbad4696554b4e8d2381ad3faf6e0c3c8d2ce60a4388caa02:log4j-core-2.0-beta8.jar"; "dcde6033b205433d6e9855c93740f798951fa3a3f252035a768d9f356fde806d:log4j-core-2.0-beta9.jar"; "85338f694c844c8b66d8a1b981bcf38627f95579209b2662182a009d849e1a4c:log4j-core-2.0.jar"; "db3906edad6009d1886ec1e2a198249b6d99820a3575f8ec80c6ce57f08d521a:log4j-core-2.0-rc1.jar"; "ec411a34fee49692f196e4dc0a905b25d0667825904862fdba153df5e53183e0:log4j-core-2.0-rc2.jar"; "a00a54e3fb8cb83fab38f8714f240ecc13ab9c492584aa571aec5fc71b48732d:log4j-core-2.0.1.jar"; "c584d1000591efa391386264e0d43ec35f4dbb146cad9390f73358d9c84ee78d:log4j-core-2.0.2.jar"; "8bdb662843c1f4b120fb4c25a5636008085900cdf9947b1dadb9b672ea6134dc:log4j-core-2.1.jar"; "c830cde8f929c35dad42cbdb6b28447df69ceffe99937bf420d32424df4d076a:log4j-core-2.2.jar"; "6ae3b0cb657e051f97835a6432c2b0f50a651b36b6d4af395bbe9060bb4ef4b2:log4j-core-2.3.jar"; "535e19bf14d8c76ec00a7e8490287ca2e2597cae2de5b8f1f65eb81ef1c2a4c6:log4j-core-2.4.jar"; "42de36e61d454afff5e50e6930961c85b55d681e23931efd248fd9b9b9297239:log4j-core-2.4.1.jar"; "4f53e4d52efcccdc446017426c15001bb0fe444c7a6cdc9966f8741cf210d997:log4j-core-2.5.jar"; "df00277045338ceaa6f70a7b8eee178710b3ba51eac28c1142ec802157492de6:log4j-core-2.6.jar"; "28433734bd9e3121e0a0b78238d5131837b9dbe26f1a930bc872bad44e68e44e:log4j-core-2.6.1.jar"; "cf65f0d33640f2cd0a0b06dd86a5c6353938ccb25f4ffd14116b4884181e0392:log4j-core-2.6.2.jar"; "5bb84e110d5f18cee47021a024d358227612dd6dac7b97fa781f85c6ad3ccee4:log4j-core-2.7.jar"; "ccf02bb919e1a44b13b366ea1b203f98772650475f2a06e9fac4b3c957a7c3fa:log4j-core-2.8.jar"; "815a73e20e90a413662eefe8594414684df3d5723edcd76070e1a5aee864616e:log4j-core-2.8.1.jar"; "10ef331115cbbd18b5be3f3761e046523f9c95c103484082b18e67a7c36e570c:log4j-core-2.8.2.jar"; "dc815be299f81c180aa8d2924f1b015f2c46686e866bc410e72de75f7cd41aae:log4j-core-2.9.0.jar"; "9275f5d57709e2204900d3dae2727f5932f85d3813ad31c9d351def03dd3d03d:log4j-core-2.9.1.jar"; "f35ccc9978797a895e5bee58fa8c3b7ad6d5ee55386e9e532f141ee8ed2e937d:log4j-core-2.10.0.jar"; "5256517e6237b888c65c8691f29219b6658d800c23e81d5167c4a8bbd2a0daa3:log4j-core-2.11.0.jar"; "d4485176aea67cc85f5ccc45bb66166f8bfc715ae4a695f0d870a1f8d848cc3d:log4j-core-2.11.1.jar"; "3fcc4c1f2f806acfc395144c98b8ba2a80fe1bf5e3ad3397588bbd2610a37100:log4j-core-2.11.2.jar"; "057a48fe378586b6913d29b4b10162b4b5045277f1be66b7a01fb7e30bd05ef3:log4j-core-2.12.0.jar"; "5dbd6bb2381bf54563ea15bc9fbb6d7094eaf7184e6975c50f8996f77bfc3f2c:log4j-core-2.12.1.jar"; "c39b0ea14e7766440c59e5ae5f48adee038d9b1c7a1375b376e966ca12c22cd3:log4j-core-2.13.0.jar"; "6f38a25482d82cd118c4255f25b9d78d96821d22bab498cdce9cda7a563ca992:log4j-core-2.13.1.jar"; "54962835992e303928aa909730ce3a50e311068c0960c708e82ab76701db5e6b:log4j-core-2.13.2.jar"; "e5e9b0f8d72f4e7b9022b7a83c673334d7967981191d2d98f9c57dc97b4caae1:log4j-core-2.13.3.jar"; "68d793940c28ddff6670be703690dfdf9e77315970c42c4af40ca7261a8570fa:log4j-core-2.14.0.jar"; "9da0f5ca7c8eab693d090ae759275b9db4ca5acdbcfe4a63d3871e0b17367463:log4j-core-2.14.1.jar"; "006fc6623fbb961084243cfc327c885f3c57f2eba8ee05fbc4e93e5358778c85:log4j-core-2.0-alpha1.jar"; "e7048ad52e3b6f1267b7ceb2c07200a5ce61271bcf59f98fd238bf60e4137932:log4j-core-2.15.0.jar"))
CVE-2021-44228 - Log4j path, sha1, and matching known version
Period
6 hours
| * Results in a true/false |
(item 0 of item 0 of it, item 1 of item 0 of it, unique value of following text of first ":" of item 1 of (item 1 of item 0 of it, elements of item 1 of it) whose (item 0 of it = preceding text of first ":" of item 1 of it) | "Not Matched") of ((it, sha1 of (if exists property "native file" then native file (it) else file(it)) | "Not Found") of (it as string) of (if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "SCAN_COMPLETE" and it as lowercase does not end with "-javadoc.jar" and it as lowercase does not end with "-sources.jar" and it as lowercase does not end with "-tests.jar") of files "BPS-Scans/CVE-2021-44228.txt" of folder(pathname of parent folder of parent folder of client folder of site "actionsite"), set of ("685125b7b8bbd7c2f58259937090ac2ae9bcb129:log4j-core-2.0-alpha2.jar"; "7058796a0aa49ea21ea2cc7bf9dece0d3b8942ae:log4j-core-2.0-beta1.jar"; "b5f9c15e1fb18d84193ac10e4bfb88af1724f5cd:log4j-core-2.0-beta2.jar"; "80b690d982b030fb2f04854407744ff44e0b72ea:log4j-core-2.0-beta3.jar"; "8f87799c2bd24c120812ed3d5271b743cfc999b5:log4j-core-2.0-beta4.jar"; "b853dec96e815981280fb9a1cc08332a6ed946f9:log4j-core-2.0-beta5.jar"; "1fb514bfbec10815d68953ed2fc4dd8c98ee245f:log4j-core-2.0-beta6.jar"; "a727fe8e718b18d541f67077c99b2ca129f77065:log4j-core-2.0-beta7.jar"; "f6ed9c56c8d58c4670059ddf417df23c9a78ff30:log4j-core-2.0-beta8.jar"; "678861ba1b2e1fccb594bb0ca03114bb05da9695:log4j-core-2.0-beta9.jar"; "7621fe28ce0122d96006bdb56c8e2cfb2a3afb92:log4j-core-2.0.jar"; "4363cdf913a584fe8fa72cf4c0eaae181ef7d1eb:log4j-core-2.0-rc1.jar"; "2e8d52acfc8c2bbbaa7baf9f3678826c354f5405:log4j-core-2.0-rc2.jar"; "895130076efaf6dcafb741ed7e97f2d346903708:log4j-core-2.0.1.jar"; "13521c5364501478e28c77a7f86b90b6ed5dbb77:log4j-core-2.0.2.jar"; "31823dcde108f2ea4a5801d1acc77869d7696533:log4j-core-2.1.jar"; "c707664e020218f8529b9a5e55016ee15f0f82ac:log4j-core-2.2.jar"; "58a3e964db5307e30650817c5daac1e8c8ede648:log4j-core-2.3.jar"; "0d99532ba3603f27bebf4cdd3653feb0e0b84cf6:log4j-core-2.4.jar"; "a5334910f90944575147fd1c1aef9f407c24db99:log4j-core-2.4.1.jar"; "7ed845de1dfe070d43511fab321784e6c4118398:log4j-core-2.5.jar"; "a7cb258b9c36f49c148834a3a35b53fe73c28777:log4j-core-2.6.jar"; "2b557bf1023c3a3a0f7f200fafcd7641b89cbb83:log4j-core-2.6.1.jar"; "00a91369f655eb1639c6aece5c5eb5108db18306:log4j-core-2.6.2.jar"; "a3f2b4e64c61a7fc1ed8f1e5ba371933404ed98a:log4j-core-2.7.jar"; "2be463a710be42bb6b4831b980f0d270b98ff233:log4j-core-2.8.jar"; "4ac28ff2f1ddf05dae3043a190451e8c46b73c31:log4j-core-2.8.1.jar"; "979fc0cf8460302e4ffbfe38c1b66a99450b0bb7:log4j-core-2.8.2.jar"; "ff857555cec4635c272286a260dbd7979c89d5b8:log4j-core-2.9.0.jar"; "8c59f9db4e5eebf7e99aa0ed2eb129bd5d8ef4f8:log4j-core-2.9.1.jar"; "989bbd2b84eba4b88a4b2a889393fac5b297e1df:log4j-core-2.10.0.jar"; "3b1c23b9117786e23cc3be6224b484d77c50c1f2:log4j-core-2.11.0.jar"; "38b9c3790c99cef205a890db876c89fd9238706c:log4j-core-2.11.1.jar"; "5bcfefcd7474c2f439576a1839ea0aeeec07f3b6:log4j-core-2.11.2.jar"; "73fe23297ccf73bad25a04e089d9627f8bf3041f:log4j-core-2.12.0.jar"; "c28f281548582ec68376e66dbde48be24fcdb457:log4j-core-2.12.1.jar"; "ef568faca168deee9adbe6f42ca8f4de6ca4557b:log4j-core-2.13.0.jar"; "5eb5ab96f8fc087135ef969ed99c76b64d255d44:log4j-core-2.13.1.jar"; "16f7b2f63b0290281294c2cbc4f26ba32f71de34:log4j-core-2.13.2.jar"; "6556d71742808e4324eabc500bd7f2cc8c004440:log4j-core-2.13.3.jar"; "94bc1813a537b3b5c04f9b4adead3c434f364a70:log4j-core-2.14.0.jar"; "c476bd8acb6e7e55f14195a88fa8802687fcf542:log4j-core-2.14.1.jar"; "e7dc681a6da4f2f203dccd1068a1ea090f67a057:log4j-core-2.0-alpha1.jar";"9bd89149d5083a2a3ab64dcc88b0227da14152ec:log4j-core-2.15.0.jar"))
Relevance
if exists property "in proxy agent context" then not in proxy agent context else true
Sharing
| Social Media: |
Comments
 |
|
| How do you review the flagged devices after running this? | |
 |
|
| Anyone have a remediation fix for when vulnerabilities are found? | |
 |
|
| Removed the sha256 comparisons. | |
|
|
| This latest version features a much better description, less frequent evaluation of the properties, and filters out known extraneous data such as results for "log4j-core-X-javadoc.jar" and "log4j-core-X-tests.jar" | |
