Dear All,
Does anyone of you know if any DSS-V7 version (including the latest v.7.00 up70 45067) is affected by the current CVE-2021-44228 vulnerability in the Apache Log4j library?
Thanks in advance
Best Regards
Marco Sassatelli
We are working on a small update and a new full build, as we want to be 100% sure it will not affect our customers. We will announce this on our website as well for all to download. Devs and QA hope to have it up this week.
The problem exists only if an Adaptec or LSI hardware RAID controller is present in the system.
There is no problem if just an HBA is installed.
Many thanks, Todd, for the quick reply.
I saw that you didn't mention the ARECA RAID controller. Isn't it affected?
Best Regards
Marco Sassatelli
I have not heard of anything about ARECA :( sorry man!! I would reach out to them BUT make sure to watch our website to get updated.
DSS V7 and the JovianDSS are NOT affected by this Log4J; we sent out an email to all registered Open-E customers.
https://www.open-e.com/newsletter/im...1_23911_12.jpg
In order to ensure the highest levels of security for our users, both Open-E JovianDSS and Open-E DSS V7 have been checked for any possible vulnerabilities related to the Log4Shell exploit. Despite the fact that our products’ core systems don’t contain the affected Log4j Java library, we’ve conducted multiple tests to check if the 3rd party management tools (which are run in cases where the related hardware is installed on the server) have not been affected.
Our tests revealed as follows:
- The MaxView Storage Manager tool utilizes the Apache Log4j library and is affected by the exploit.
- The MegaRAID Storage Manager (MSM) utilizes the Apache Log4j library but none of our tests showed any indication of the library being affected by the exploit.
In order to minimize the risk, please ensure that your data storage setup is not connected to the Internet or is behind a firewall.
Open-E safety measures:
- Open-E will release updates to Open-E JovianDSS and Open-E DSS V7 to disable the MaxView Storage Manager tool to help our customers protect their infrastructure as soon as possible.
- After that, Open-E will release an update for MaxView Storage Manager containing a security patch (more testing needed to ensure no further issues or compatibility problems).
More information about the updates will be sent in separate emails.