Affect of Log4j vulnerability on GFI

virtually Affect of Log4j vulnerability on GFI will cowl the newest and most present help within the area of the world. means in slowly for that motive you comprehend properly and appropriately. will lump your information skillfully and reliably

A brand new 0-day vulnerability, formally referred to as CVE-2021-44228, was printed on the NIST Nationwide Vulnerability Database on Friday, December 10. It’s discovered within the Log4j Java library. 

Log4j is a well-liked open supply logging library made by the Apache Software program Basis. The safety vulnerability present in Log4j permits hackers to execute distant instructions on a goal system. The severity of the vulnerability is assessed as “Important” by NIST.

How are GFI merchandise impacted?

The GFI growth workforce is reviewing our merchandise to be used of Log4j.

A operate of Kerio Join makes use of Log4j, and a really useful mitigation is recognized beneath.

If we establish any extra really useful mitigations, we’ll present a comply with up communication. Further info, when out there, can even be posted on this web page.

Kerio Join vulnerability mitigation

Log4j is utilized in Kerio Join as a part of the chat operate. We suggest that every one Kerio Join customers briefly disable the chat operate within the software program.

To disable chat in Kerio Join:

  1. Go to Configuration.
  2. Click on on Domains.
  3. Double-click on the specified area.
  4. Discover the “Chat” part on the Common tab.
  5. Deselect the “Allow chat in Kerio Join Shopper.” possibility.
  6. Repeat the above steps for your whole electronic mail domains.

Kerio Join safety hotfix

Work has already began on a safety hotfix for Kerio Join. We intend to ship a public launch within the subsequent few days.

We are going to ship a follow-up notification to all Kerio Join clients at your registered electronic mail when the discharge is out there.

 

Replace 2021. 12. 21.

We’re happy to announce that Kerio Join 9.3.1p2 is out there. This safety launch addresses the vulnerability associated to Log4j, formally referred to as CVE-2021-44228.

Launch notes:

  • Apache log4j2 library improve to model 2.16.0 (fixing CVE-2021-44228 vulnerability)

The brand new model may be downloaded from the GFI Improve Heart.

We suggest that every one Kerio Join clients set up model 9.3.1p2 as quickly as potential.

As soon as Kerio Join 9.3.1p2 is deployed, the chat operate may be safely re-enabled.

Replace 2022. 01. 13.

We’re happy to announce the discharge of Kerio Join 9.4. This newest model introduces a number of key safety enhancements, together with the implementation of Log4j 2.17.0 to unravel the denial of service vulnerability, formally referred to as CVE-2021-45105 current within the earlier model.

The whole record of launch notes is out there on our web site.

The brand new model may be downloaded from the GFI Improve Heart.

We suggest that every one Kerio Join clients set up model 9.4 as quickly as potential.

Replace 2022. 01. 14.

The GFI growth workforce has reviewed our merchandise to be used of Log4j. Listed here are the outcomes of the evaluation:

Product Outcome Methods to repair
Exinda Community Orchestrator Not impacted
Exinda SD-WAN Not impacted
GFI Archiver Not impacted
GFI EndPointSecurity Not impacted
GFI EventsManager Not impacted
GFI FaxMaker Not impacted
GFI Helpdesk Not impacted
GFI LanGuard Not impacted
GFI MailEssentials Not impacted
Kerio Join Impacted (Model 9.3.1p1 and beneath) Improve to model 9.4
Kerio Management Not impacted
Kerio Operator Not impacted


I hope the article about Affect of Log4j vulnerability on GFI provides keenness to you and is beneficial for including to your information

x