Log4J/Apache Vulnerability CVE-2021-44228
In the past week, IXP Data has received inquiries regarding the Log4J vulnerability in the Apache logging tool Log4J.
Many companies are right investigating whether their systems contain modules with the vulnerability.
EasyInstall does not use Apache, and therefore does not contain the Log4J vulnerability per se. But of course, there is a risk that one of the packages you have in the system from other vendors will make use of Apache, just as it is experienced that server monitoring tools can use Apache.
To help all our customers we have made a small package based on the free scanning tool that can be found here
The package can be used free of charge, and you get it by contacting Christina at cl@icpdata.dk. When you receive the package, you import it int the EasyInstall server like any other package. The package will tell with the result code if Log4j files have been found on the system – if the result code is 0, everything is fine. The package can be used on both servers and PCs and is used at your own risk. The package may ONLY be used for your own use and not shared with others. If the result code is 1, vulnerabilities have been detected. Read if necessary. more here for advice to patch