Skip to main content
Matrix42 Self-Service Help Center

CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability - Log4Shell

Overview

CVE              CVE-2021-44228CVE-2021-45046CVE-2021-45105 and CVE-2021-44832
CWE            CWE-94
CVSS v3    10.0

In this article we would like to inform you about the critical vulnerability in the widely used logging library for Java applications Log4j (also known as Log4Shell) and its use in Matrix42 products.

Matrix42 products affected by the Log4j vulnerability

Log4j is used only in the following products and all other Matrix42 products are not affected.

Component Matrix42 Risk evaluation Required Actions/Recommendations Note Fixed Version Mitigation

FireScope Edge Device

Increased Risk

We strongly recommend that our customers restrict user access to the Edge device, as this is not normally required. It should not be exposed to the Internet, which is our general recommendation.

The FireScope Edge device is distributed in the customer's infrastructure but not exposed to the Internet. Thus, Edge devices are exposed to the risk of insider attacks.

FireScope v4.5.0    
v3.8.4.1 (Log4j 2.5 mitigation)

FireScope v4.5.1
v3.8.8 (Log4j 2.5 mitigation)

CVE-2021-44228

CVE-2021-45046

FireScope App Server

 

Low Risk

If you are not actively using the Integration Manager, we recommend restricting access to the REST API.

The FireScope App Server is used internally by the FireScope Web Server and is contacted directly by edge devices using a BSON-based binary protocol. In addition, the App Server provides a REST API for integration use cases. The REST API is considered vulnerable at this time; but only authorized user agents can access it.

FireScope v4.5.0    
v3.9.5.3 (Log4j 2.17.1)

FireScope v4.5.1    
v3.9.5.3 (Log4j 2.17.1)

CVE-2021-44228

CVE-2021-45046

CVE-2021-45105

CVE-2021-44832

FireScope Agent

Very Low Risk

None

The FireScope Agent is deployed on endpoints to collect additional metrics. The agent in the default configuration does not run Java code and is not vulnerable. Customers have the option to enable a Java application monitoring feature. In this case, the agent runs Java code using Log4j version 1. Considering that the agent does not transmit anything to the Internet, we classify the risk as very low.

None None

FireScope Flex Agent

Very Low Risk

None

The FireScope Flex Agent is the monitoring agent for the infrastructure. This agent runs on all FireScope nodes (Web, App, Edge, and Mongo). The agent uses Log4j version 1, but does not provide any interfaces to the outside world. Thus, we rate the risk level as very low.

None None

Empirum Web Console (EWC)

Very Low Risk None

In the EWC we use Log4j version 1 and the JMSAppender feature is not activated, LDAP addresses are also not used or queried. The EWC is not used in Matrix42 SaaS Solution.

Empirum 21.0 Update 2
Empirum Hotfix Installer 21.0 Update 2 - 23-DEC-2021 (Log4j 2.17.0)

Empirum 20.0 Update 3
Empirum Hotfix Installer 20.0 Update 3 - 23-DEC-2021 (Log4j 2.17.0)

Empirum 19.0 Update 3
Empirum Hotfix Installer 19.0 Update 3 - 23-DEC-2021 (Log4j 2.17.0)

CVE-2021-44228

CVE-2021-45046

CVE-2021-45105

FireScope Web Server

Risk-free

None

Hosts the user interface of FireScope and does not run any Java code. 

N/A N/A

Next Steps

Matrix42 will continue to provide updates as necessary in this document. We are working on updates for our affected products as listed in the table above. As a Matrix42 FireScope SaaS customer, you currently do not need to take any action. We will perform all necessary remediations and patches for you for the cloud based components.

Updates

Update 1 (2021-12-17):
A Hotfix is available for the FireScope Edge Device and App Server. Matrix42 FireScope SaaS customers will receive the App Server Hotfix automatically. Please pay attention to the announcement by mail or within the FireScope SaaS user interface. For Edge Device updates, our Customer Service is available to all customers. To schedule an appointment, please submit a request to support@firescope.com. Alternatively, you can contact your Account Manager or Field Engineer.

Update 2 (2021-12-23):
We have provided a Hotfix installer on 23 December 2021 for Empirum version 19.0 Update 3, 20.0 Update 3 and 21.0 Update 2 that updates the Log4j component used in the Empirum Web Console (EWC) and addresses CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. We recommend that you apply the Hotfix as soon as possible. The download for this can be found as usual in our Marketplace. Matrix42 Empirum SaaS customers are not affected as no EWC is provided.

Update 3 (2022-01-06)
The current known vulnerability CVE-2021-44832 addressed in Log4j 2.17.1 is currently under investigation for the EWC and FireScope Edge Device. The FireScope App Server version 3.9.5.3 includes already Log4j 2.17.1. We continuously reassess the threat of vulnerable components in our software and, based on this, either provide short-term Hotfixes or update components within our standard release cycles.

Change log

Date Description of change
2021-12-15 Initial publication
2021-12-17 Update 1 -  Hotfix for FireScope provided
2021-12-20 Update 2 - Hotfix for Empirum Web Console provided
2021-12-23 Update 1 and 2 revised
2022-01-06 Update 3 provided, fixed versions and mitigation added.

 

  • Was this article helpful?