
Thread: [CVE-2021-44228 vulnerability in Apache Log4j library]

  1. #1

    [CVE-2021-44228 vulnerability in Apache Log4j library]

    Dear All,
    Does any of you know if any DSS-V7 version (including the latest v.7.00 up70 45067) is affected by the current CVE-2021-44228 vulnerability in the Apache Log4j library?

    Thanks in advance

    Best Regards
    Marco Sassatelli

  2. #2


    We are working on a small update and a new full build, as we want to be 100% sure it will not affect our customers. We will announce this on our website as well for all to download. Devs and QA hope to have it up this week.
    The problem exists only if an Adaptec or LSI hardware RAID controller is present in the system.
    There is no problem if just an HBA is installed.
    All the best,

    Todd Maxwell



  3. #3


    Many thanks, Todd, for the quick reply.
    I saw that you didn't mention the ARECA RAID controller. Isn't it affected?

    Best Regards
    Marco Sassatelli

  4. #4


    I have not heard anything about ARECA, sorry man!! I would reach out to them, BUT make sure to watch our website to get updated.
    All the best,

    Todd Maxwell



  5. #5


    DSS V7 and the JovianDSS are NOT affected by this Log4J; we sent out an email to all registered Open-E customers.

    In order to ensure the highest levels of security for our users, both Open-E JovianDSS and Open-E DSS V7 have been checked for any possible vulnerabilities related to the Log4Shell exploit. Despite the fact that our products’ core systems don’t contain the affected Log4j Java library, we’ve conducted multiple tests to check if the 3rd party management tools (which are run in cases where the related hardware is installed on the server) have not been affected.

    Our tests revealed as follows:


    • The MaxView Storage Manager tool utilizes the Apache Log4j library and is affected by the exploit.
    • The MegaRAID Storage Manager (MSM) utilizes the Apache Log4j library but none of our tests showed any indication of the library being affected by the exploit.


    In order to minimize the risk, please ensure that your data storage setup is not connected to the Internet or is behind a firewall.

    Open-E safety measures:


    • Open-E will release updates to Open-E JovianDSS and Open-E DSS V7 to disable the MaxView Storage Manager tool to help our customers protect their infrastructure as soon as possible.
    • After that, Open-E will release an update for MaxView Storage Manager containing a security patch (more testing needed to ensure no further issues or compatibility problems).


    More information about the updates will be sent in separate emails.

    All the best,

    Todd Maxwell


