Log4j 2 Vulnerability Details
A remote code execution vulnerability (CVE-2021-44228) is affecting multiple versions of the Apache Log4j 2 library. Active scanning and exploitation for this vulnerability has been detected and proof-of-concept code is available.
Log4j 2 is an open-source Java logging library developed by the Apache Foundation. It is widely used in many applications and is present in many services as a dependency. This includes enterprise applications, including custom applications developed within an organisation, as well as numerous cloud services.
Hyperglance Is Not Vulnerable To CVE-2021-44228
Hyperglance does not include the Log4j libraries that are affected by the recent remote code injection vulnerability, and for this reason is NOT affected by this vulnerability.
Hyperglance uses a different logging provider. Logging is handled by Wildfly's logging subsystem which is based on JBoss Logging, not Log4j directly.
Wildfly's logging subsystem does include some Log4j classes itself and Hyperglance does rely on the log4j APIs but NOT the Apache Log4j implementation.
This official Twitter statement from Wildfly shows that Wildfly is not affected by this particular CVE and so neither is Hyperglance:
WildFly does not depend on the Log4j 2 org.apache.logging.log4j:log4j-core library, so we are not affected by CVE-2021-44228. If your application deployment packages log4j-core we recommend you upgrade ASAP.
— WildFlyAS (@WildFlyAS) December 10, 2021
No action is needed for the Hyperglance deployment
Hyperglance - Cloud Management You Control
Hyperglance gives you complete cloud management enabling you to have confidence in your security posture and cost management whilst providing you with enlightening, real-time architecture diagrams.
Monitor security & compliance, manage costs & reduce your bill, interactive diagrams & inventory, built-in automation. Save time & money and get complete peace of mind.
Experience it all, for free, with a 14-day trial.