Site24x7 and the recent Apache Log4j vulnerability

Site24x7 and the recent Apache Log4j vulnerability

On December 09, 2021, a severe vulnerability (CVE- 2021-4422) was disclosed in the popular Java logging library Log4j 2 versions- 2.0 to 2.14.1, that results in remote code execution (RCE) by logging a certain string. You can find the details of this vulnerability here: 

Though there were a few attempts, we didn't find any traces or evidence of a successful exploitation. As we also possess some third-party components that could be potentially vulnerable, we've completely patched the vulnerability as a mitigation measure. And we can vouch for the fact that no sign of an active exploit could be found throughout Site24x7. Also, the different binary or installable software/agents we support aren't prone to this vulnerability.

We'll keep analyzing the issue and will be posting the new updates in this thread. Please feel free to contact or for further details or assistance; we're happy to help you.




Site24x7 Red Team