Usage of Log4J in Watchguard AD Helper
It seems that the Watchguard AD Helper uses Log4J in the vulnerable Version 2.14.0. Any information on this? I found nothing in the web.
0
Sign In to comment.
It seems that the Watchguard AD Helper uses Log4J in the vulnerable Version 2.14.0. Any information on this? I found nothing in the web.
Comments
Hello e1,
i investigated this a little further:
After an Update to Version 6.0.4.11764 Version 2.15.0 is used, but after recent reports these version is with certain circumstances vulnerable too:
https://isc.sans.edu/diary/rss/28134
For sure... AD Helper is normally not published to the outside world... but maybe in the future the use of these vulnerablities will increase, when the "easy access" vulnerabilities will be closed....
Hi @Davidatazv
AD helper is being patched, but there are mitigating circumstances in place.
You can find more information here:
https://www.watchguard.com/wgrd-blog/apache-log4j-vulnerability
and more details here, specific to your concern near the bottom of the article.
https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/
-James Carson
WatchGuard Customer Support