EIQ-2021-0017
ID |
EIQ-2021-0017 |
CVE |
|
Description |
Log4j versions earlier than 2.15 have a remote code execution vulnerability. EclecticIQ Endpoint Response Enterprise Edition has mitigations in place. Endpoint Response Community Edition is unaffected. |
Date |
Updated 4 January 2021 16 December 2021 |
Severity |
0 - MITIGATED |
CVSSv3 score |
0 |
Status |
Mitigated |
Assessment |
Updated 4 January 2022 Added CVE-2021-4104 to the list of vulnerabilities this advisory covers. No change to advice. This is a developing situation. Currently known immediate mitigations are covered in this advisory, while we investigate longer-term mitigations. Not affected: ER Community Edition (CE) 3.0 EclecticIQ ER CE 3.0 does not use Log4j. Mitigated: EclecticIQ Endpoint Response (ER) Enterprise Edition (EE) 3.0.1 EclecticIQ ER EE 3.0.1 uses Log4j 1.2.17 but has mitigations in place:
|
Mitigation |
None required. Mitigations are in place. |
Affected versions |
EclecticIQ Endpoint Response EE 3.0.1 and CE 3.0 |
Notes |
N/A |