NetGain Fix For Security Alert Advisory
CVE-2021-4228 & CVE-2021-45046
What is the Security Alert about?
The CVE (Common Vulnerabilities and Exposures) program this past weekend published a vulnerability in the Java logging library, Apache Log4j, that could allow attackers to gain full control of affected servers. Tracked as CVE-2021-44228, the vulnerability affects systems that use Apache Log4j versions 2.0 to 2.14.1.
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This is tracked as CVE-2021-45046.
What should I do?
Customers with NetGain EM (Enterprise Manager), CV (Cloud Vista) or emedge v11 are advised to update to NetGain EM / CV / emedge v11.2.126. This will upgrade the Log4j library to version 2.16.0 which fixes this vulnerability.
Customers using an earlier version of NetGain EM / CV / emedge (before v11) are requested to contact us here.
More information on this Security Alert Advisory can be found here.