Forum Discussion

3 years ago

LogicMonitor collectors running vulnerable version of Log4j are affected by "Log4shell" CVE-2021-44228 vulnerability?

LogicMonitor collectors running vulnerable version of Log4j are affected by "Log4shell" CVE-2021-44228 vulnerability? If no, can you please explain how?

Mike_Rodrigues
3 years ago
Hey everyone, here's an official communication you can pass on to customers, clients, stakeholders, etc. about what's going on with LM and the Log4shell vulnerability:

https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228

It goes over the details and how to confirm that your collectors are safe. We will update this document as things progress.

nolimit99rbs

3 years ago

4 hours ago, Mosh said:

@Michael Rodrigues @Stuart Weenig

For info, Log4J 2.16 also have a exploitable vulnerability:

https://nvd.nist.gov/vuln/detail/CVE-2021-45105
https://logging.apache.org/log4j/2.x/security.html

We are upgrading all of our own enterprise products to use 2.17. Will LogicMonitor be upgrading to 2.17?

2nd this. Though the vulnerability is less severe, does LogicMonitor plan to update to 2.17 given the high visibility of these vulnerabilities? If so, when can we expect an updated collector?

Thank you

Forum Discussion

LogicMonitor collectors running vulnerable version of Log4j are affected by "Log4shell" CVE-2021-44228 vulnerability?

Related Content

Finding VMware's most recent vulnerability

Log4J security alert, is there any customers need to do?

Question/help ; Datasource to parse servers exposed to the log4j vulnerability ?

Finding Cisco IOS XE CVE-2023-20198 With ConfigSources

Re: Rapid7 integration with LogicMonitor

Recent Discussions

LM APM - Traces - HTTP Post from Powershell Scripts

dell hosts and idrac combined

Python script to run API call - AddWebsite - Need help with collectors

Can anyone help modify this Datasource to be able to use any port?

Dashboard updates