Please return to this posting for the most up-to-date information. Current customers can file support tickets through standard channels for specific guidance.

Supplemental Security Advisory for Splunk Apps

A supplemental security advisory for Splunk Apps was published on December 14 and is being updated on an ongoing basis.

Splunk also reviewed a Denial of Service Vulnerability (CVE-2021-45105) found in Log4j version 2.16.0. Apache has designated this vulnerability a severity rating of 7.5 (High). Per Apache’s advisory, specific non-default configuration parameters need to be present to exploit this vulnerability. Splunk has evaluated where these configuration parameters may exist within our product portfolio, and we have updated the table below accordingly.

Splunk is additionally reviewing a Remote Code Execution Vulnerability (CVE-2021-44832) found in Log4j version 2.17.0. Apache has designated this vulnerability a severity rating of 6.6 (Moderate). Per Apache’s advisory, permission must be granted to the underlying configuration files, and a malicious configuration needs to be created, to exploit this vulnerability.

Unless CVE-2021-45105 or CVE-2021-44832 increase in severity, Splunk will address these vulnerabilities as part of the next regular maintenance release of each affected product. Customers also have the option to remove Log4j Version 2 from Splunk Enterprise out of an abundance of caution.

Summary of Impact for Splunk Enterprise and Splunk Cloud

Core Splunk Enterprise functionality does not use Log4j version 2 and is not impacted. If Data Fabric Search (DFS) is used, there is an impact because this product feature leverages Log4j.

All recent non-Windows versions of Splunk Enterprise include Log4j version 2 for the DFS feature. Guidance for determining if you are using DFS appears in the “Removing Log4j version 2 from Splunk Enterprise” section below. If this feature is not used, there is no active attack vector related to CVE-2021-44228 or CVE-2021-45046. Windows versions of Splunk Enterprise do not include Log4j version 2.

Customers may follow the guidance in the “Removing Log4j version 2 from Splunk Enterprise” section below to remove these packages out of an abundance of caution. Official patches to upgrade the Log4j packages and mitigate the vulnerabilities in all usage scenarios are available and linked in the table below for version 8.1 and 8.2.