Recently a critical vulnerability (CVE-2021-44228) was discovered in the Apache Log4j library. This vulnerability can be exploited remotely without authentication and allows remote code execution. It scores 10 out of 10 on the CVSS severity scale. It has pretty much set the world aflame. You can read more about what happened here and find an overview with more links here.
Update 2021-12-14: Another vulnerability related to Log4j has popped up: CVE-2021-4104. None of our products are vulnerable to this new CVE.
Yes. See the table below for details.
After the vulnerability was published, we immediately started checking all our products for exposure to it. As was to be feared, many of our products use Log4j (or include third-party components that do), are therefore vulnerable, and need to be updated.
Product | Log4Shell vulnerable? | Fix Status | Fix Release | How To Upgrade |
---|---|---|---|---|
ApplicationInsights | vulnerable - fix available | released - Dec 14 | 1.6.3 | Upgrade ApplicationInsights (≥ v1.5.1) |
ConnectionsExpert 2.x | vulnerable - fix available | released - Dec 15 | 2.1.3 | Upgrade ConnectionsExpert (> v2.0) |
ConnectionsExpert 3.x | vulnerable | in testing | 3.0.2 | Upgrade ConnectionsExpert (> v2.0) |
GreenLight | vulnerable - fix available | released - Dec 15 | 4.5.0 | Upgrading GreenLight - only for >=3.5.x |
iDNA | vulnerable | in testing | 2.11.1 | please contact support |
iDNA Applications | vulnerable - fix available | released - Dec 13 | 2.1.2 | Upgrading iDNA Applications |
MarvelClient | safe | | | |
OfficeExpert | vulnerable - fix available | released - Dec 14 | 4.3.3 | Upgrading OfficeExpert |
OfficeExpert EPM | safe | | | |
SecurityInsider / GroupExplorer | safe | | | |
SmartChanger | safe | | | |
Document Properties Plugin | safe | | | |
LogViewer Plugin | safe | | | |
Network Monitor Plugin | safe | | | |
PrefTree Plugin | safe | | | |
Tabzilla Plugin | safe | | | |
Timezone Helper Plugin | safe | | | |
(Table will be continuously updated)
We are currently in the process of creating new releases that contain the necessary fixes. Releases for some products are already out, and we are releasing the rest as fast as safely possible. Progress will be tracked in this knowledge base article. You can also follow our corresponding blog post.
You will need to update any products that are affected. Our service and support teams are in the process of contacting all our customers to answer questions and help where needed.
Please send requests and questions to support@panagenda.com
We will keep updating this post with more information as it becomes available.