CVE-2021-44228 Log4j2 Exploit
A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j2 utility was disclosed publicly via the projects GitHub on December 9th, 2021. The vulnerability affects Apache Log4j 2 versions 2.0 to 2.14.1.
We have validated that the following products are not susceptible to the Log4j vulnerability:
- LoadMaster
- LoadMaster GEO
- LoadMaster MT
- ECS Connection Manager
- Kemp 360 Central
- Kemp 360 Vision
For additional information on this vulnerability as it relates to other Progress products, refer to the Progress Security Center: https://www.progress.com/security
Please see the article below for help using content rules or our WAF engine to protect your applications/servers behind the LoadMaster.
We still highly recommend you patch your applications/servers, the above article is to help alleviate the risk.
Comments
Is there a signature in WAF for this yet?
Very concerned here as well regarding this one. OWASP core rule set has been confirmed not to protect against this vulnerability.
I have updated this article with a link to a new KB in order help mitigate this CVE. Once again, we highly recommend you patch your servers behind the LoadMaster.
I did the Kemp Partner Training Program course Kemp Certified Technical Professional on a mobile app and passed.
I got the email below from Kemp Training:
When I try to login to the same URL that I used in the Mobile App, I get denied access with the following error message:
Kindly assist.
Erick Jarin
how about the servers that is published behind KEMP ?