Apache Log4j (CVE-2021-44228, CVE-2021-4104, CVE-2021-45046) contains a serious vulnerability. That vulnerability has now been assigned the name ‘Log4Shell’. The risk classification, also referred to as the CVSS score, is unchanged: 10. This is the highest possible classification within the scale.
The challenge we are facing is that Java is just like sugar. It is in everything. Java, in combination with Log4j, is often used as a basis, or as a building block. All kinds of different applications from a variety of vendors may now be vulnerable. Tesorion’s live blog contains up-to-date information on the developments concerning this vulnerability.
Tesorion products and services
The Apache Log4j vulnerability has no impact on the following products and solutions. All services that used Log4j were identified by Tesorion. We have taken appropriate measures in time to eliminate any threat to them.
|Product and services||Status|
|Tesorion Immunity-appliances and software||Not vulnerable to Log4j|
|Tesorion customer portal||Potential Log4j impact mitigated|
|Tesorion SOC-appliances and software||Potential Log4j impact mitigated|
|Tesorion Managed Firewall||Not vulnerable to Log4j|
|Tesorion Managed EDR||Not vulnerable to Log4j|
|Tesorion Managed PAM||Not vulnerable to Log4j|
|Tesorion Managed Vulnerability||Not vulnerable to Log4j|
|Tesorion Digital Risk Protection||Not vulnerable to Log4j|
If you have any questions, we’d love to hear from you.
Do you want to be informed in time? Sign up for our technical updates
Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.