Statement from Stamus Networks regarding the recent Log4j 2 vulnerability
On December 10, 2021, NIST published a Common Vulnerabilities and Exposure (CVE) alert identifying a new zero day in the Java logging library Apache Log4j which can result in full server takeover. This critical alert - CVE-2021-44228 - applies to Java applications that use this library.
You may read more in these online resources:
Stamus Networks does not use this library in any of its proprietary software systems. However it is used by several components of the ELK stack (Elasticsearch, Logstash and Kibana) which are embedded in our Stamus ND, Stamus NDR, and Stamus Probe Management systems.
The developers of the ELK stack, Elastic, have determined that Logstash and Elasticsearch do indeed contain this vulnerability, and they have identified a fix.
Our research team has reviewed the available literature, evaluated our software architecture, and consulted with our software partners, including Elastic.
We have concluded that there is very little risk of an exploit in the components we know to be vulnerable, Logstash and Elasticsearch. However, out of an abundance of caution we developed a patch for Stamus ND/NDR that fixes the vulnerability in the currently embedded version of Logstash (6.8.10) and Elasticsearch (6.8.10).
And we have notified our customers of its availability.
If you have any questions please feel free to contact us: support@stamus-networks.com
ABOUT STAMUS NETWORKS ™
Stamus Networks believes that cyber defense is bigger than any single person, platform, company, or technology. That’s why we leverage the power of community to deliver the next generation of open and transparent network defense. Trusted by security teams at the world’s most targeted organizations, our flagship offering – Clear NDR™ – empowers cyber defenders to uncover and stop serious threats and unauthorized network activity before they harm their organizations. Clear NDR helps defenders see more clearly and act more confidently through detection they can trust with results they can explain.
© 2014-2024 Stamus Networks, Inc. All rights Reserved.