Knowledge Base

Yes

Environment

App Control Server: All Supported Versions
EDR Server: 7.3.0 to 7.6.0
Hosted EDR: 7.6.0
Carbon Black Cloud: All Supported Versions

Question

Where can I find information on CVE-2021-44228 (Log4Shell - Log4j Remote Code Execution) and subsequent CVE-2021-45046, CVE-2021-45105, CVE-2021-44832?

Answer

Vulnerability information and product-specific guidance (review/subscribe): Log4Shell - Log4j Remote Code Execution (CVE-2021-44228)
- Query and Threat Intel questions should be posted to this link for review by the Threat Intelligence team.
Mitigations for specific components of VMware Carbon Black products:
- UPDATED! EDR Server
  - Mitigation steps for 7.3.0 to 7.6.0 Servers WARNING: Do not upgrade Log4j via yum
  - Hosted EDR update: Hosted servers have been updated, no customer action necessary
- UPDATED! Workload Appliance
  - Appliance Update: VMware Carbon Black Cloud Workload 1.1.2 Release Notes
  - Log4Shell Mitigation Steps for VMware Carbon Black Cloud Workload Appliance
- Carbon Black Cloud Services
  - Log4Shell - Status of Carbon Black Services
- Also see VMware's Security Advisory VMSA-2021-0028
NEW! Detections for post exploitation activity (review/subscribe): Log4Shell - Log4j Observed Post Exploitation Activity in the Wild
NEW! Detecting vulnerable Log4j with Vulnerability Management (review/subscribe): Detecting Log4j Vulnerabilities with Carbon Black Cloud Vulnerability Management
NEW! Detecting exploitation of unpatched versions of VMware products: TAU-TIN-Log4Shell Exploitation
NEW! How to Detect the Log4j Vulnerability on Linux Using VMware Carbon Black Cloud Vulnerability Assessm... (VMware Carbon Black Tech Zone)

Additional Notes

EDR
- EDR sensors do not use Log4j and are therefore not affected.
- Are there threat intel feeds for EDR? EEDR and EDR: Are There Threat Intel Feeds for CVE-2021-44228 (Log4j)?
- Hosted EDR has been fixed
  - 12/23 JNDLookup class was removed from 2.17.0 and covers CVE-2021-44832
  - 12/23 updated Log4j to 2.17.0 to cover CVE-2021-45105
  - 12/15 added mitigation to cover CVE-2021-45046
  - 12/11 added mitigation to cover CVE-2021-44228
App Control
- App Control does not utilize Log4j, please see this link for more details App Control: Is Application Control affected by the LOG4J vulnerability?
Carbon Black Cloud
- Carbon Black Cloud sensors do not use Log4j and are not affected.
- Are there threat intel feeds for EEDR? EEDR and EDR: Are There Threat Intel Feeds for CVE-2021-44228 (Log4j)?

Related Content

Vulnerability Information
CVE-2021-44228 (CVE) | CVE-2021-44228 (NVD)
CVE-2021-45046 (CVE) | CVE-2021-45046 (NVD)
CVE-2021-45105 (CVE) | CVE-2021-45105 (NVD)
CVE-2021-44832 (CVE) | CVE-2021-44832 (NVD)
https://logging.apache.org/log4j/2.x/security.html
VMware Blog & Discussions
Investigating CVE-2021-44228 Log4Shell Vulnerability
VMSA-2021-0028 & Log4j: What You Need to Know (VMware Security Blog)
VMSA-2021-0028 & Log4j: What You Need to Know (VMware vSphere Blog)
Log in the Shell: An Analysis of Log4Shell Exploitation (VMware Security Blog)
VMSA-2021-0028: Questions & Answers about Log4j | VMware
New Security Advisory = VMSA-2021
How to Detect the Log4j Vulnerability on Linux Using VMware Carbon Black Cloud Vulnerability Assessm... (VMware Carbon Black Tech Zone)
External Articles
https://www.randori.com/blog/cve-2021-44228/
Digging deeper into Log4Shell - 0Day RCE exploit found in Log4j
Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaTrace
CVE-2021-44228 - GitHub Advisory Database
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability | Micr...
Log4Shell - Detecting Log4j 2 RCE Using Splunk | Splunk
Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)
Product-specific Information
[VMware Carbon Black Hosted EDR] Declaring Emergency Maintenance to Address Critical Vulnerability i...
Log4Shell Mitigation Steps for VMware Carbon Black EDR
[VMware Carbon Black EDR] Log4Shell (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832)...
Deployment - VMware Enterprise EEDR & EDR Detections
[VMware Carbon Black Hosted EDR] Declaring Emergency Maintenance to Address CVE-2021-44228 and Addit...
Sample Log4Shell (CVE-2021-44228) Data Forwarder Filters & Splunk Queries
[VMware Carbon Black Hosted EDR] Declaring Emergency Maintenance on 12/23 @ 7:00 AM EST – Deployment...
[VMware Carbon Black EDR] Announcing General Availability of EDR Server 7.6.1
VMware Carbon Black EDR Server 7.6.1 Release Notes
TAU-TIN-Log4Shell Exploitation
Other KB Articles
App Control: Is Application Control affected by the LOG4J vulnerability?
EEDR and EDR: Are There Threat Intel Feeds for CVE-2021-44228 (Log4j)?
EDR: How to add the Log4j Mitigation
General
VMware Security Advisories
Threat Research Documents
Carbon Black Status

Knowledge Base

All Products: Where Can I find Information on CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832?

All Products: Where Can I find Information on CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832?

Environment

Question

Answer

Additional Notes

Related Content

Knowledge Base

All Products: Where Can I find Information on CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832?

All Products: Where Can I find Information on CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832?

Environment

Question

Answer

Additional Notes

Related Content

Thank you for your feedback.

Thank you for your feedback.