Greetings,
With regards to the zero day exploit concerning log4j (CVE-2021-44228) I tried to find out which software packages are installed on the kemp virtual loadmaster.
1. Question is the VLM vulnerable to CVE-2021-44228
2. Question how can I check software versions on the vlm with its limited CLI / diagnostic shell?
Thank you very much.
Best regards
Vinzenz Meyer
Permanently deleted user
Hello Vinzenz,
This would be a Java vulnerability not an LM vulnerability. Java is not on the LM OS
CVE-2021-44228
See this page for the patch for Log4j
https://logging.apache.org/log4j/2.x/security.html
If you have WAF you can mitigate against it using the rules described in this blog.
https://coreruleset.org/20211213/crs-and-log4j-log4shell-cve-2021-44228/