OpenText will remediate affected products and services in conformance with industry best practices. OpenText continues to work on a rigorous assessment of any possible additional vulnerability and to plan for additional potential mitigation steps.

Based on industry best practices, manufacturer recommendations, and the technical requirements for the vulnerabilities, OpenText understands that it is currently employing the necessary security safeguards and prevention strategies. The IPS rules applied will detect the condition, alert and block attacks based on this vulnerability.

OpenText has implemented the required Intrusion Prevention System (IPS) signatures at an ingress layer to block malicious traffic resulting from the Log4j CVE-2021-44228 vulnerability.

Has OpenText implemented patches and mitigation measures for the Log4j vulnerability?

For solutions hosted by OpenText, mitigating controls are in place (see list below).

OpenText is reviewing all products and services to assess the potential impact of the vulnerability and deploy required actions to address issues when identified. OpenText implements a Secure Development Lifecycle that includes CI/CD, Supply Chain Security, 3rd Party Component Monitoring.

Is OpenText investigating the exposure to products and services?

The Cybersecurity and Infrastructure Security Agency has released a helpful tool for awareness, scanning and remediation. You should expect future patches from many software companies, including OpenText, through our standard processes. OpenText is continually reassessing our products and services based on newly available information. If the updates to Log4j came via a patch/fix provided by OpenText, please continue to monitor the product specific knowledge base articles below for updates. In general, if the remediation steps already followed involved replacing the Log4j versions with 2.16 or 2.17, it is recommended to repeat these steps using Log4j 2.17.1.
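One way to check on a host whether earlier remediation stopped at 2.16 or 2.17 (an added example, not OpenText's or CISA's tooling): the script walks a directory, reads the version recorded inside each log4j-core jar, and flags anything older than 2.17.1. `sample_jar` builds constructed test input, and jars nested inside other archives are not opened.

```python
import io
import re
import zipfile
from pathlib import Path

# Maven metadata entry carried inside log4j-core jars.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
TARGET = (2, 17, 1)  # version the page recommends repeating remediation with

def parse_version(text):
    """Return (major, minor, patch) from a '2.17.1' style string, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def log4j_core_version(jar_bytes):
    """Read the log4j-core version from a jar's pom.properties, if present."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            if POM_PROPS not in jar.namelist():
                return None
            props = jar.read(POM_PROPS).decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return None  # unreadable archive: report nothing rather than guess
    for line in props.splitlines():
        if line.startswith("version="):
            return parse_version(line.split("=", 1)[1])
    return None

def audit(root):
    """Yield (path, version, needs_update) for each log4j-core jar under root."""
    for path in sorted(Path(root).rglob("*.jar")):
        version = log4j_core_version(path.read_bytes())
        if version is not None:
            yield str(path), version, version < TARGET

def sample_jar(version):
    """Constructed test input: a minimal jar holding only pom.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
    return buf.getvalue()

if __name__ == "__main__":
    import sys
    for path, version, stale in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("UPDATE" if stale else "ok", ".".join(map(str, version)), path)
```

Run it with the installation directory as the only argument; lines marked `UPDATE` are copies still below 2.17.1.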
OpenText is currently utilizing Log4j version 2.17.x in our full remediation strategy.

As the situation continues to evolve, customers with OpenText products deployed in their environments may also need to go back and adjust already implemented controls and fixes. With each new disclosure, OpenText has adjusted mitigation and remediation responses.

CVE-2021-45046 December 14th, CVSS score 9.0 critical, resolved in Log4j 2.16.

After CVE-2021-44228, additional Log4j 2.x vulnerabilities have been reported.

OpenText has dedicated security teams that are constantly monitoring for vulnerabilities and new threats. OpenText immediately began to remediate our products. CVE-2021-44228 has a CVSS score of 10, the most critical rating. On December 10th, NIST published information about a vulnerability affecting Log4j, an extremely popular Java logging utility. OpenText is aware of the reported Log4j vulnerabilities.