Related Tips & Info

Log4j (CVE-2021-44228) Vulnerability in ZENworks

gvikram
Micro Focus Employee
2 Likes

A critical vulnerability (Log4shell - CVE-2021-44228 / CVE-2021-45046 / CVE-2021-45105) have been identified in Log4j, a logging library used with-in ZENworks and hundred of thousand applications across the globe. An exploitation of these vulnerability allows a malicious user to remotely execute code on a vulnerable device. Micro Focus is taking immediate steps to mitigate it across its products. A statement out lining the response is available here.

Micro Focus has identified that these vulnerabilities affects only specific versions of ZENworks products - ZENworks 2020 Update 1 & ZENworks 2020 Update 2. It does NOT affects any other ZENworks versions like ZENworks 2017.x.  It also affects ZENworks Reporting 7.8 version. Additionally, we have determined that this vulnerability does NOT affects ZENworks Service Desk or Micro Focus Desktop Container product.

This vulnerability can be mitigated by making some file changes and setting up of some environment variables across devices. The fix for this vulnerability for ZENworks Products is now available and is detailed here. Given the severity of vulnerability, Micro Focus recommends immediate fixing of this vulnerability.

Updated - 24th Dec -2021

A consolidated patch/FTF for ZENworks, fixing all the Log4j vulnerabilities is now available.

  • This FTF is applicable regardless of the original mitigation steps.
  • If you have already applied the steps in the original mitigation steps, this FTF must still be applied on the devices.
  • Steps applied from original mitigation steps need not be reverted. 
  • In case the original mitigation steps have not been applied, you can apply the FTF and ignore the mitigation steps.

Labels:

Announcement
Asset Management
Configuration Management
Endpoint SM
Full Disk Encryption
Patch Management
Support Tip
Comment List
Anonymous
Parents Comment Children
No Data
Related Discussions
Recommended

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.