Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

CVE-2021-44228 Log4j2 Exploit

A high severity vulnerability (CVE-2021-4228) impacting multiple versions of the Apache Log4j2 utility was disclosed publicly via the projects GitHub on December 9th, 2021. The vulnerability affects Apache Log4j 2 versions 2.0 to 2.14.1.

We have validated that the following products are not susceptible to the Log4j vulnerability:

  • LoadMaster
  • LoadMaster GEO
  • LoadMaster MT
  • ECS Connection Manager
  • Kemp 360 Central
  • Kemp 360 Vision

For additional information on this vulnerability as it relates to other Progress products, refer to the Progress Security Center: https://www.progress.com/security

Please see the article below for help using content rules or our WAF engine to protect your applications/servers behind the LoadMaster.

Progress Kemp LoadMaster protects from security vulnerability Apache Log4j 2 (CVE-2021-44228) – Kemp Support (kemptechnologies.com)

We still highly recommend you patch your applications/servers, the above article is to help alleviate the risk.


Comments

Avatar

Erick Jarin

how about the servers that is published behind KEMP ? 

0

Avatar

Rush Enterprises

Is there a signature in WAF for this yet?

0

Avatar

Kemper

Very concerned here as well regarding this one.  OWASP core rule set has been confirmed not to protect against this vulnerability.

0

Avatar

Nick Smylie

I have updated this article with a link to a new KB in order help mitigate this CVE. Once again, we highly recommend you patch your servers behind the LoadMaster.

0

Avatar

Mpho Ntshontsi

I did the Kemp Partner Training Program course Kemp Certified Technical Professional on a mobile app and passed.

I got the email below from Kemp Training:

When I try to login to the same URL that I used in the Mobile App, I get denied access with the following error message:

Kindly assist.

0