EIQ-2021-0017

ID

EIQ-2021-0017

CVE

Description

Log4j versions earlier than 2.15 have a remote code execution vulnerability. EclecticIQ Endpoint Response Enterprise Edition has mitigations in place. Endpoint Response Community Edition is unaffected.

Date

Updated 4 January 2021

16 December 2021

Severity

0 - MITIGATED

CVSSv3 score

0

Status

Mitigated

Assessment

Updated 4 January 2022

Added CVE-2021-4104 to the list of vulnerabilities this advisory covers. No change to advice.

This is a developing situation. Currently known immediate mitigations are covered in this advisory, while we investigate longer-term mitigations.

Not affected: ER Community Edition (CE) 3.0

EclecticIQ ER CE 3.0 does not use Log4j.

Mitigated: EclecticIQ Endpoint Response (ER) Enterprise Edition (EE) 3.0.1

EclecticIQ ER EE 3.0.1 uses Log4j 1.2.17 but has mitigations in place:

  • Only used for debug logging to log internal API parameters.

  • Controls are in place to prevent logging input from untrusted sources.

  • Only the following Log4j features are enabled:

    • PatternLayout

    • RollingFileAppender

  • Next release of ER EE will include upgraded Log4j libraries to mitigate other risks.
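One way to check that a Log4j 1.x properties file stays within the two features listed above, as an added example that is not EclecticIQ's code. The sample configurations, appender names and file path are constructed, and only `log4j.appender.<name>` and `.layout` class bindings are inspected.

```python
import re

# Allowlist taken from the advisory: the only Log4j 1.x features enabled.
ALLOWED = {
    "appender": {"org.apache.log4j.RollingFileAppender"},
    "layout": {"org.apache.log4j.PatternLayout"},
}

# Keys that bind a class in a Log4j 1.x properties file:
#   log4j.appender.<name>=<class>   and   log4j.appender.<name>.layout=<class>
# Option keys such as <name>.File or <name>.layout.ConversionPattern do not match.
CLASS_KEY = re.compile(r"^log4j\.appender\.([^.=\s]+)(\.layout)?\s*[=:]\s*(\S+)\s*$")


def audit_log4j_properties(text):
    """Return (line_no, kind, class_name) for each class outside the allowlist."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):  # blank or comment line
            continue
        match = CLASS_KEY.match(line)
        if not match:
            continue
        kind = "layout" if match.group(2) else "appender"
        if match.group(3) not in ALLOWED[kind]:
            findings.append((line_no, kind, match.group(3)))
    return findings


# Constructed sample: a configuration matching the advisory's description.
COMPLIANT = """\
# constructed sample, not a vendor file
log4j.rootLogger=DEBUG, FILE
log4j.appender.FILE=org.apache.log4j.RollingFileAppender
log4j.appender.FILE.File=/var/log/example/debug.log
log4j.appender.FILE.MaxFileSize=10MB
log4j.appender.FILE.layout=org.apache.log4j.PatternLayout
log4j.appender.FILE.layout.ConversionPattern=%d %-5p %c - %m%n
"""

# Constructed sample: the same file after drift. JMSAppender is the Log4j 1.2
# class that CVE-2021-4104 concerns; SimpleLayout is simply off the allowlist.
DRIFTED = (COMPLIANT
           + "log4j.appender.Q=org.apache.log4j.net.JMSAppender\n"
           + "log4j.appender.Q.layout=org.apache.log4j.SimpleLayout\n")

if __name__ == "__main__":
    for line_no, kind, cls in audit_log4j_properties(DRIFTED):
        print(f"line {line_no}: {kind} class not on allowlist: {cls}")
```
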

Mitigation

None required. Mitigations are in place.

Affected versions

EclecticIQ Endpoint Response EE 3.0.1 and CE 3.0

Notes

N/A