• Created by Unknown User (rmsp), last modified on Dec 17, 2021

Log4J Issue (CVE-2021-44228)

NOTE: This incident is no longer considered active, but is being maintained as Monitoring for short-term visibility.

This is an update of Idera's internal review of the Log4J Issue (CVE-2021-44228). Idera has completed its review/investigation on all family of products. The status of products is the following:

  • All Xray/Xporter Server/DC and Cloud products and Xray Exploratory Testing (XEA) - Our investigation confirmed there are no exposed instances of the Apache Log4j library within the version range that contains this vulnerability. Therefore, the investigation confidently concludes all product versions are not impacted by the Apache Log4j vulnerability.
  • Xray Server/DC and Cloud connectors - The following Xray connectors were found to contain a vulnerable version of the Apache Log4j library. Each has been updated to remove the vulnerability and those updates are now available as follows:
  • All Other Idera Family Of Products - Our investigation confirmed there are no exposed instances of the Apache Log4j library within the version range that contains this vulnerability. Therefore, the investigation confidently concludes none are impacted by the Apache Log4j vulnerability.
    Although our initial and thorough investigation has concluded, Idera continues to monitor for potential breaches, we will continue actively to monitor this situation and communicate with stakeholders as appropriate.

If you have any questions or concerns please contact us.

Idera Security and Compliance Team.