CVE-2021-44228

Log4j2

December 15, 2022, 1:45 PM US EST - Added RapidFire Tools to Current Status
V3.1: 9.8 Critical
V2.0: 7.5 High

Overview

Kaseya is aware of the Log4j2 vulnerability CVE – CVE-2021-44228 (mitre.org) and our product, operations and security teams are currently assessing all products.

As always, please follow cybersecurity best practices including ensuring all of your servers are properly secured behind firewalls, backed up, and not left unprotected on the internet if they are installed on-premises.

Please check back to this site regularly as we will continue to post updates as new information becomes available.

Kaseya Products Affected

Kaseya has been performing a review of our products, code and production environments.

Currently, our analysis indicates that the products listed below are not affected by this vulnerability. As this is an evolving threat, we will update this site as new information becomes available.

*Other products not listed below are currently under investigation and will be updated as our analysis has completed.

Full Description

  1. While the VSA On-Premises, AuthAnvil On-Premises or Unitrends Backup products are not affected, customers should investigate the environment where they have installed the product(s) to ensure the operating systems, other software installed on the server and virtual environments are not affected. For example, VMware is commonly used to virtualize the underlying infrastructure and they have provided an update on their products at the following link: https://www.vmware.com/security/advisories/VMSA-2021-0028.html
  2. While Unitrends products are not affected, we want to remind customers that the supported deployment requires that appliances (virtual or physical appliances) should never be exposed to the internet to limit the attack surface.
  3. Our analysis was done on the latest released version of each product. SaaS products are always on the latest version, but for on-premises products, you should ensure you have updated to the latest version.

Update History

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu.

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu.