Log4j 2 Vulnerability Details

A remote code execution vulnerability (CVE-2021-44228) affects multiple versions of the Apache Log4j 2 library. Active scanning for and exploitation of this vulnerability have been detected, and proof-of-concept code is available.

Log4j 2 is an open-source Java logging library developed by the Apache Foundation. It is widely used in applications and is present in many services as a dependency. These include enterprise applications, custom applications developed within an organisation, and numerous cloud services.

Hyperglance Is Not Vulnerable To CVE-2021-44228

Hyperglance does not include the Log4j libraries that are affected by the recent remote code injection vulnerability, and for this reason it is NOT affected by this vulnerability.

Hyperglance uses a different logging provider. Logging is handled by WildFly's logging subsystem, which is based on JBoss Logging, not Log4j directly.

WildFly's logging subsystem does include some Log4j classes itself, and Hyperglance does rely on the Log4j APIs, but NOT on the Apache Log4j implementation.
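One way to check any Java deployment for the API-versus-implementation distinction described above, as an added example (not Hyperglance or WildFly tooling): it walks a directory, opens each archive, including archives nested inside a WAR or EAR, and reports whether it carries the Log4j 2 implementation class `JndiLookup` or only API classes. The function names and result labels are chosen for this example, and Log4j 1.x classes (package `org.apache.log4j`) are deliberately not matched.

```python
import io
import sys
import zipfile
from pathlib import Path

# Class that performs the JNDI lookup involved in CVE-2021-44228. It ships in
# the Log4j 2 implementation jar (log4j-core), not in the API jar.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
API_PREFIX = "org/apache/logging/log4j/"
CORE_PREFIX = "org/apache/logging/log4j/core/"
ARCHIVE_EXT = (".jar", ".war", ".ear")


def classify_archive(data, label, findings):
    """Record which Log4j 2 classes one archive holds, then recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings[label] = "unreadable"  # report it rather than silently skipping
        return
    with zf:
        names = zf.namelist()
        if JNDI_LOOKUP in names:
            findings[label] = "core-with-JndiLookup"
        elif any(n.startswith(CORE_PREFIX) and n.endswith(".class") for n in names):
            findings[label] = "core-without-JndiLookup"
        elif any(n.startswith(API_PREFIX) and n.endswith(".class") for n in names):
            findings[label] = "api-only"
        for n in names:
            if n.lower().endswith(ARCHIVE_EXT):
                classify_archive(zf.read(n), f"{label}!/{n}", findings)


def scan_tree(root):
    """Return {archive label: finding} for every archive below root."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            classify_archive(path.read_bytes(), str(path), findings)
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for label, kind in scan_tree(target).items():
        print(f"{kind:24} {label}")
```

A `core-with-JndiLookup` result only shows that the implementation is present; the library version still has to be compared with the CVE-2021-44228 advisory before drawing a conclusion.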

This official Twitter statement from WildFly shows that WildFly is not affected by this particular CVE, and so neither is Hyperglance.

Recommendations:

No action is needed for the Hyperglance deployment.
