Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Log4j Remediation

https://support.nagios.com/forum/viewtopic.php?t=64218

Page 1 of 1

Log4j Remediation

Posted: Fri Dec 17, 2021 5:32 am
by QPUSER
Hi Team,

Need your expert advice on current on going log4j vulnerability. We are using below Nagios products in our environment and these are standalone application & not integrated with any 3rd party Java based application. In order to protect current Nagios environment from log4j vulnerability.
Request you to please advice next plan of action/mitigation steps.

Nagios XI 5.8.7
Nagios Network Analyzer 2.4.3
Nagios Log Server 2.1.9
Nagios Fusion 4.1.9

Warm Regards,
QP User

Re: Log4j Remediation

Posted: Fri Dec 17, 2021 2:09 pm
by benjaminsmith
Hi QP User,

Thanks for checking in with us on this.

We have an official update on this vulnerability on our website. Nagios Log Server does use log4j but it uses an older version that is not impacted - 1.2.17.jar.

https://www.nagios.com/news/2021/12/upd ... erability/

The other products do not, however, we recommend reaching out to your admins/security teams to make sure your systems are not impacted by other applications or integrations.

Let us know if you have any questions or comments.

--Benjamin
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited