GREYCORTEX is actively responding to the reported high severity vulnerability (CVE-2021 – 44228) that was found in the Apache Log4j library. All Mendel installations deployed in the last few years are vulnerable to this vulnerability. The new version, 3.8.0, which will be released in the upcoming days, is not affected and current versions 3.7.x and 3.6.x have now been covered with security updates.
A high severity vulnerability (CVE-2021 – 44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.
Log4j is used as a component of our GREYCORTEX Mendel product. More information on the vulnerability can be found in the links below.
CVE-2021 – 44228 Detail (NIST)
CVE-2021 – 44228 vulnerability in Apache Log4j library (SecureList)
Is my Mendel deployment vulnerable?
All Mendel installations deployed in the last few years are affected by this vulnerability but the vulnerable part of the Mendel deployment is NOT exposed to a direct Internet connection.
What can I do to mitigate and resolve this issue?
GREYCORTEX has actively responded to the reported remote code execution vulnerability in the Apache Log4j 2 Java library, dubbed Log4Shell (or LogJam). We have investigated and taken action regarding our product GREYCORTEX Mendel. The new version 3.8.0, which will be released in the upcoming days, is not affected and current versions 3.7.x and 3.6.x are now covered with security updates, which are automatically distributed through the update server.
Older systems will not be patched, customers who are using older versions are strongly advised to upgrade.
Mitigations: if you are not able to upgrade to the newer version or your Mendel instance does not have access to the update server, then please restrict access to Mendel via your firewall settings. It is recommended to restrict access only to a trustworthy IP address range, also for normal operations.
How can I find out if my Mendel system or other systems of our customers have been compromised?
Mendel includes a set of detection rules that can detect whether a vulnerability in the Apache Log4j logging framework has been exploited to attack the Mendel system itself or other systems in your infrastructure. These rules are automatically available through the GREYCORTEX update server. If your Mendel instance or your customer instance is online, these signatures will be added to it automatically.