Log4j vulnerability in XI and agents

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
elade
Posts: 144
Joined: Wed Mar 28, 2018 6:23 am

Log4j vulnerability in XI and agents

Post by elade »

Hi,

Dose the Apache Log4j vulnerability is a part of XI, NCPA, NRPE and NSClient?
How can I verify it?
In case of one of the products is using the Log4j vulnerability there is a patch or work around?
Top
User avatar
lmiltchev
Former Nagios Staff
Posts: 13587
Joined: Mon May 23, 2011 12:15 pm

Re: Log4j vulnerability in XI and agents

Post by lmiltchev »

https://www.nagios.com/news/2021/12/upd ... erability/
Be sure to check out our Knowledgebase for helpful articles and solutions!
Top
elade
Posts: 144
Joined: Wed Mar 28, 2018 6:23 am

Re: Log4j vulnerability in XI and agents

Post by elade »

Hi lmiltchev,

What about Fusion and the nagios agent NCPA?
Top
User avatar
lmiltchev
Former Nagios Staff
Posts: 13587
Joined: Mon May 23, 2011 12:15 pm

Re: Log4j vulnerability in XI and agents

Post by lmiltchev »

Nagios Fusion does not appear to be using vulnerable versions of the products as identified in the MITRE notification. NCPA does not use log4j. NCPA is written in Python, but Log4j is a Java library. NRPE is not affected, either. NSClient++ is NOT one of our products. You can probably find out more information about it on their website.

We recommend using our agent (NCPA) over NRPE and/or NSClient++ as it is actively developed/maintained.

Let me know if you have any further questions. Thank you!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Top
Locked

Return to “Nagios XI”