Installed software packages on Kemp Virtual Loadmaster (log4j CVE-2021-44228)

Greetings,

With regards to the zero day exploit concerning log4j (CVE-2021-44228) I tried to find out which software packages are installed on the kemp virtual loadmaster.

1. Question is the VLM vulnerable to CVE-2021-44228

2. Question how can I check software versions on the vlm with its limited CLI / diagnostic shell?

Thank you very much.

Best regards

Vinzenz Meyer

0

2 comments

Avatar

Permanently deleted user

Hello Vinzenz,

 

This would be a Java vulnerability not an LM vulnerability. Java is not on the LM OS

CVE-2021-44228

See this page for the patch for Log4j

https://logging.apache.org/log4j/2.x/security.html

 

If you have WAF you can mitigate against it using the rules described in this blog.

https://coreruleset.org/20211213/crs-and-log4j-log4shell-cve-2021-44228/

 

1

Avatar

Vinzenz Meyer

Thanks for the quick reply.

0

Please to leave a comment.

Didn't find what you were looking for?