Log4Shell Vulnerability Update - December 13, 2021

Home Blog Cybersecurity Log4Shell Vulnerability Update - December 13, 2021

Log4j version 1.x not impacted

There is no evidence to indicate Log4j version 1.x is impacted by this vulnerability, however, please ensure due diligence when identifying all instances of Log4j within your environment. Potential locations of Log4j includes:

• File System
• Bundled within your IBM Software
• Application code on top of IBM software
• Application code sitting outside of IBM software

Caution: Vulnerability CVE 2021-44228 was introduced at Log4j v2.0 beta9 with JNDI look up.
The Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints. JNDILookup plugin can be found here https://issues.apache.org/jira/browse/LOG4J2-313 Credit Woonsan Ko as evidenced in the change log here: Log4j – Changes (apache.org)

Versions Affected: all log4j-core versions 2.0-beta9 to 2.14.1

For impacted versions of Log4j customers are strongly recommended to consider the following immediate mitigating actions:

NOTE: Before implementing actions below customers should test within non-production environments to ensure zero unintended impact to operations.

• Releases versions 2.10 or greater setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true.

• Releases version 2.0-beta9 to 2.10.0 remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class.

• Release version 2.7 to 2.14.1, modify all PatternLayout patterns to specify the message converter as %m{nolookups} instead of just %m.

Official source for Log4j here: https://downloads.apache.org/logging/log4j/

A current list of indicators of compromise can be found here: https://exchange.xforce.ibmcloud.com/collection/4daa3df4f73a51590efced7fb90bc949

Note: This is not a complete list and only contains what has been identified to date. If you witness any of the indications of compromise highlighted above following mitigating action, it may be the case that Log4j resides elsewhere within your environment.

If you require support to assist you in finding Log4j files within your environment &/or in the conduct of the proposed actions within this communication, please log a ticket with the Origina Support Desk.

RECENT Articles

What Software OEMs Don’t Want You To Know About Third-Party Software Support

Finance and CIO IT Operations Procurement Software Asset Management

Origina General Counsel and Chief Risk Officer Guy Tritton rebuts claims made by HCL against using third-party software maintenance providers.

5 Steps to Better IBM Software ELAs

Finance and CIO Procurement Software Asset Management

IBM enterprise license agreements (ELAs) are known for being difficult to navigate. Read about some ways to avoid vendor lock-in and get the most support for your software estate.

Cookie	Duration	Description
connect.sid		This cookie is used for authentication and for secure log-in. It registers the log-in information.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
sp_landing	1 day	The sp_landing is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
sp_t	1 year	The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.

Cookie	Duration	Description
__utmzzses	session	Google Analytics sets this cookie to gather information about how a visitor uses the site.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_JRRYWVDDJV	2 years	This cookie is installed by Google Analytics.
_gat_UA-105298564-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_rdt_uuid	3 months	No description available.
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 6 months 19 days 23 hours	No description
initialTrafficSource	2 years	No description available.
li_gc	2 years	No description
loglevel	never	No description available.
RSMKTO1	session	No description available.
third-party-blocked	session	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
vx_user	9 months 26 days	No description

Log4Shell Vulnerability Update – December 13, 2021

Log4j version 1.x not impacted

FOR THE LATEST TECHNOLOGY TIPS SUBSCRIBE TO OUR NEWSLETTER - THE UPTIME