Log4Shell -> Log4J Vulnerability (not used)

Created by Craig Mitchell
Last updated: Dec 14, 2021
1 min read

The recently publicised zero day exploit (CVE-2021-44228) in the Log4J logging framework:-

 

  • Minder BMS does not have log4j installed, nor does it use Java, so is not vulnerable to this exploit.

  • Minder's SimpleHelp service, which is written in Java, and sits on a Debian server,  is not reliant on Log4J so is not vulnerable to this exploit.

  • Those new Nethserver installs (email servers) & the remaining SMEserver installs are all based on Centos, and never used the affected package, hence are not vulnerable.

  • Proxmox VE (any Version), which is based on Debian,  does not have log4j2 installed, nor does it use Java, so is not vulnerable to this exploit.

  • FreePBX (phone system) does not depend on log4j & it is not installed by default, hence is not vulnerable.

  • Microsoft Office 365 is not vulnerable to this exploit.

  • Microsoft Servers (any version) are not vulnerable to this exploit, but any 3rd party server type applications which you have installed need to be checked.

  • Superchoice services do use Log4j and have already patched their servers. They will continue to monitor, no action required on our part.

 

Copyright Programmed Network Management PL 2023