{"id":42457,"date":"2021-12-23T16:19:33","date_gmt":"2021-12-23T08:19:33","guid":{"rendered":"https:\/\/version-2.com\/?p=42457"},"modified":"2022-01-13T17:55:26","modified_gmt":"2022-01-13T09:55:26","slug":"greycortex-releases-security-update-to-patch-apache-log4j-vulnerability","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/","title":{"rendered":"GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

GREYCORTEX<\/span>\u00a0is actively responding to the reported high severity vulnerability (CVE-2021<\/span>\u2009\u2013\u200944228) that was found in the Apache Log4j library. All Mendel installations deployed in the last few years are vulnerable to this vulnerability. The new version, 3.8.0, which will be released in the upcoming days, is not affected and current versions 3.7.x and 3.6.x have now been covered with security updates.<\/p>

Background<\/h3>

A high severity vulnerability (CVE-2021<\/span>\u2009\u2013\u200944228) impacting multiple versions of the Apache Log4j 2\u00a0utility was disclosed publicly via the project\u2019s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j 2\u00a0versions 2.0 to 2.14.1.<\/p>

Log4j is used as a\u00a0component of our\u00a0GREYCORTEX<\/span>\u00a0Mendel product. More information on the vulnerability can be found in the links\u00a0below.<\/p>

CVE-2021<\/span>\u2009\u2013\u200944228 Detail (NIST<\/span>)<\/a><\/p>

CVE-2021<\/span>\u2009\u2013\u200944228 vulnerability in Apache Log4j library (SecureList)<\/a><\/p>

Is my Mendel deployment vulnerable?\u00a0<\/h3>

All Mendel installations deployed in the last few years are affected by this vulnerability but the vulnerable part of the Mendel deployment is\u00a0NOT<\/span>\u00a0exposed to a\u00a0direct Internet connection.<\/p>

What can I\u00a0do to mitigate and resolve this\u00a0issue?<\/h3>

GREYCORTEX<\/span>\u00a0has actively responded to the reported remote code execution vulnerability in the Apache Log4j 2\u00a0Java library, dubbed Log4Shell (or LogJam). We have investigated and taken action regarding our product\u00a0GREYCORTEX<\/span>\u00a0Mendel. The new version 3.8.0, which will be released in the upcoming days, is not affected and current versions 3.7.x and 3.6.x are now covered with security updates, which are automatically distributed through the update server.<\/p>

Older systems will not be patched, customers who are using older versions are strongly advised to upgrade.<\/p>

Mitigations: if you are not able to upgrade to the newer version or your Mendel instance does not have access to the update server, then please restrict access to Mendel via your firewall settings. It is recommended to restrict access only to a\u00a0trustworthy\u00a0IP<\/span>\u00a0address range, also for normal operations.<\/p>

How can I\u00a0find out if my Mendel system or other systems of our customers have been compromised?<\/h3>

Mendel includes a\u00a0set of detection rules that can detect whether a\u00a0vulnerability in the Apache Log4j logging framework has been exploited to attack the Mendel system itself or other systems in your infrastructure. These rules are automatically available through the\u00a0GREYCORTEX<\/span>\u00a0update server. If your Mendel instance or your customer instance is online, these signatures will be added to it automatically.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

About Version 2 Digital<\/h3>

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n

\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>\n

About GREYCORTEX
<\/strong>GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.<\/p>\n

MENDEL, GREYCORTEX\u2019s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.<\/p>\n

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

GREYCORTEX\u00a0is actively responding to the reported high […]<\/p>\n","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[461,24,61],"tags":[462,23,435],"class_list":["post-42457","post","type-post","status-publish","format-standard","hentry","category-year2021","category-greycortex","category-press-release","tag-462","tag-greycortex","tag-mendel"],"acf":[],"yoast_head":"\nGREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability - Version 2\" \/>\n<meta property=\"og:description\" content=\"GREYCORTEX\u00a0is actively responding to the reported high […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-23T08:19:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-13T09:55:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"250\" \/>\n\t<meta property=\"og:image:height\" content=\"70\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2021\\\/12\\\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2021\\\/12\\\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability\",\"datePublished\":\"2021-12-23T08:19:33+00:00\",\"dateModified\":\"2022-01-13T09:55:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2021\\\/12\\\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\\\/\"},\"wordCount\":405,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"keywords\":[\"2021\",\"Greycortex\",\"MENDEL\"],\"articleSection\":[\"2021\",\"Greycortex\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2021\\\/12\\\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\\\/\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2021\\\/12\\\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\\\/\",\"name\":\"GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"datePublished\":\"2021-12-23T08:19:33+00:00\",\"dateModified\":\"2022-01-13T09:55:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2021\\\/12\\\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/version-2.com\\\/zh\\\/2021\\\/12\\\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2021\\\/12\\\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/","og_locale":"zh_HK","og_type":"article","og_title":"GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability - Version 2","og_description":"GREYCORTEX\u00a0is actively responding to the reported high […]","og_url":"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/","og_site_name":"Version 2","article_published_time":"2021-12-23T08:19:33+00:00","article_modified_time":"2022-01-13T09:55:26+00:00","og_image":[{"width":250,"height":70,"url":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg","type":"image\/jpeg"}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"version2hk","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"2 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability","datePublished":"2021-12-23T08:19:33+00:00","dateModified":"2022-01-13T09:55:26+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/"},"wordCount":405,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"keywords":["2021","Greycortex","MENDEL"],"articleSection":["2021","Greycortex","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/","url":"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/","name":"GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"datePublished":"2021-12-23T08:19:33+00:00","dateModified":"2022-01-13T09:55:26+00:00","breadcrumb":{"@id":"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/version-2.com\/zh\/2021\/12\/greycortex-releases-security-update-to-patch-apache-log4j-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/zh\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-b2N","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/42457","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=42457"}],"version-history":[{"count":4,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/42457\/revisions"}],"predecessor-version":[{"id":42461,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/42457\/revisions\/42461"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=42457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=42457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=42457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}