{"id":4765,"date":"2021-12-13T14:01:42","date_gmt":"2021-12-13T19:01:42","guid":{"rendered":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/?p=4765"},"modified":"2021-12-17T10:46:48","modified_gmt":"2021-12-17T15:46:48","slug":"the-apache-log4j-vulnerability-what-you-need-to-know","status":"publish","type":"post","link":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/the-apache-log4j-vulnerability-what-you-need-to-know\/","title":{"rendered":"The Apache Log4j vulnerability: What you need to know"},"content":{"rendered":"

On December 9th<\/sup> 2021, Apache published a zero-day critical vulnerability (CVE-2021-44228)<\/a> for its widely popular Apache Log4j, and is being referred to as \u201cLog4Shell.\u201d This vulnerability is considered \u201ccritical\u201d with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. If you haven’t yet heard the news<\/a>, this is a severe risk with a major security flaw being discovered.<\/p>\n

 <\/p>\n

When exploited, an attacker can run arbitrary code on a device and gain full control of the exploited device — this will render the device compromised, and may impact other devices trusted by the compromised device which is now controlled by the attacker.<\/p>\n

 <\/p>\n

What does that mean for you? What iManage products have been affected? How has iManage responded to this vulnerability?<\/p>\n

<\/h4>\n

NOTE: RBRO products do not use any Java libraries, including Log4J. This vulnerability will have no impact on any of our products.<\/strong><\/h4>\n

<\/h3>\n

 <\/p>\n

iManage products affected by this issue<\/strong><\/h3>\n

 <\/p>\n

iManage has released mitigation steps on the latest Apache log4j vulnerability (see iManage for complete details<\/a>). The following components listed by iManage are affected by CVE-2021-44228 and require action to remediate the issue.<\/p>\n

 <\/p>\n

NOTE:<\/strong>\u00a0All cloud issues have been mitigated and there was zero impact to any customer data stored in iManage Cloud.<\/p>\n

 <\/p>\n

iManage Work Server is not affected by this issue.<\/p>\n

 <\/p>\n\n\n\n\n\n\n\n\n\n
Product affected<\/strong><\/p>\n

 <\/td>\n

Component(s) affected in product<\/strong><\/p>\n

 <\/td>\n

Versions affected<\/strong><\/p>\n

 <\/td>\n<\/tr>\n<\/thead>\n

iManage Work Indexer powered by<\/p>\n

IDOL (IDOL Indexer)<\/td>\n

\n
    \n
  • WorkSite Connector<\/li>\n
  • WorkSite DiffTool<\/li>\n<\/ul>\n<\/td>\n
IDOL Indexer 10.3.0.26 and later<\/td>\n<\/tr>\n
iManage Work Indexer powered by<\/p>\n

RAVN (RAVN Indexer)<\/td>\n

\n
    \n
  • RAVN Solr<\/li>\n<\/ul>\n<\/td>\n
RAVN Indexer 10.3.x<\/td>\n<\/tr>\n
iManage Records Manager<\/td>\n\n
    \n
  • iManage Records Manager Server<\/li>\n
  • iManage Records Manager Indexer<\/li>\n<\/ul>\n<\/td>\n
Records Manager 10.3.x and later<\/td>\n<\/tr>\n
iManage Security Policy Manager<\/td>\n\n
    \n
  • iManage Records Manager Agent<\/li>\n
  • Adjust Security REST Service<\/li>\n<\/ul>\n<\/td>\n
All versions<\/td>\n<\/tr>\n
iManage Threat Manager<\/td>\n\n
    \n
  • iManage Threat Manager<\/li>\n<\/ul>\n<\/td>\n
All versions<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

 <\/p>\n

We are committed to security<\/strong><\/h3>\n

RBRO Solutions has identified the affected components and we are updating our systems and products. Our security team and their efforts completed the investigation of its own devices and networks and found no evidence of compromise at this time.<\/p>\n

If you require additional information, please do not hesitate to contact your RBRO Solutions representative.<\/p>","protected":false},"excerpt":{"rendered":"

On December 9th 2021, Apache published a zero-day critical vulnerability (CVE-2021-44228) for its widely popular Apache Log4j, and is being referred to as \u201cLog4Shell.\u201d This vulnerability is considered \u201ccritical\u201d with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. If you haven’t yet heard the news, this is a severe risk […]<\/p>\n","protected":false},"author":7,"featured_media":4766,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,20,101],"tags":[],"class_list":["post-4765","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-imanage","category-security","category-cloud"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/wp-json\/wp\/v2\/posts\/4765"}],"collection":[{"href":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/wp-json\/wp\/v2\/comments?post=4765"}],"version-history":[{"count":0,"href":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/wp-json\/wp\/v2\/posts\/4765\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/wp-json\/wp\/v2\/media\/4766"}],"wp:attachment":[{"href":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/wp-json\/wp\/v2\/media?parent=4765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/wp-json\/wp\/v2\/categories?post=4765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites7.ditcanada.com\/rbro\/trunk\/wp-json\/wp\/v2\/tags?post=4765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}