{"id":4030,"date":"2021-12-21T14:48:52","date_gmt":"2021-12-21T06:48:52","guid":{"rendered":"https:\/\/www.udshk.com\/?page_id=4030"},"modified":"2021-12-24T11:39:20","modified_gmt":"2021-12-24T03:39:20","slug":"log4j-vulnerabilities-zscaler-resolutions","status":"publish","type":"page","link":"https:\/\/www.udshk.com\/?page_id=4030","title":{"rendered":"Log4J Vulnerabilities &#8211; Zscaler Resolutions"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"4030\" class=\"elementor elementor-4030\" data-elementor-settings=\"[]\">\n\t\t\t\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5d606b0 elementor-section-height-min-height elementor-section-items-top elementor-section-boxed elementor-section-height-default\" data-id=\"5d606b0\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b1e2f06\" data-id=\"b1e2f06\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fcf7e67 elementor-widget elementor-widget-image\" data-id=\"fcf7e67\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/12\/9DABFB2A-89FC-4D7C-82AF-1751C415DB88-300x300.png\" class=\"attachment-medium size-medium\" alt=\"\" srcset=\"https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/12\/9DABFB2A-89FC-4D7C-82AF-1751C415DB88-300x300.png 300w, https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/12\/9DABFB2A-89FC-4D7C-82AF-1751C415DB88-150x150.png 150w, 
https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/12\/9DABFB2A-89FC-4D7C-82AF-1751C415DB88-100x100.png 100w, https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/12\/9DABFB2A-89FC-4D7C-82AF-1751C415DB88.png 500w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d2f21f8 elementor-widget elementor-widget-heading\" data-id=\"d2f21f8\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Log4J Vulnerabilities - Zscaler Resolutions (Updated to 10 Dec 2021)<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0abba13 elementor-widget elementor-widget-text-editor\" data-id=\"0abba13\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The information below is drawn from <a href=\"https:\/\/www.zscaler.com\/blogs\/product-insights\/prevent-apache-log4j-java-library-vulnerability-zero-trust-architecture\">https:\/\/www.zscaler.com\/blogs\/product-insights\/prevent-apache-log4j-java-library-vulnerability-zero-trust-architecture<\/a> and <a href=\"https:\/\/trust.zscaler.com\/posts\/9581?_gl=1*i2kw4u*_ga*MTU3NDkwMjA2NC4xNjM5OTcyNDE1*_ga_10SPJ4YJL9*MTYzOTk3MjQxNC4xLjEuMTYzOTk3MjkzNC41OQ..&amp;_ga=2.51804011.39101304.1639972415-1574902064.1639972415\">https:\/\/trust.zscaler.com\/posts\/9581?_gl=1*i2kw4u*_ga*MTU3NDkwMjA2NC4xNjM5OTcyNDE1*_ga_10SPJ4YJL9*MTYzOTk3MjQxNC4xLjEuMTYzOTk3MjkzNC41OQ..&amp;_ga=2.51804011.39101304.1639972415-1574902064.1639972415<\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53779d0 elementor-tabs-view-horizontal elementor-widget elementor-widget-tabs\" data-id=\"53779d0\" data-element_type=\"widget\" 
data-widget_type=\"tabs.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-tabs\">\n\t\t\t<div class=\"elementor-tabs-wrapper\" role=\"tablist\" >\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8751\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8752\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8753\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8754\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8755\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Affected Zscaler Products<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8756\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8756\" aria-expanded=\"false\">Zscaler Recommendation<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"elementor-tabs-content-wrapper\" role=\"tablist\" aria-orientation=\"vertical\">\n\t\t\t\t\t\t\t\t\t<div 
class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8751\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8751\" tabindex=\"0\" hidden=\"false\"><ul>\n \t<li> <a style=\"pointer-events: none; cursor: default; text-decoration: none; color: black;\" href=\"\u201c#\u201d\"> 2021-44228<\/a><\/li>\n<\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8752\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8752\" tabindex=\"0\" hidden=\"hidden\"><ul><li>Dec 10, 2021<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8753\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8753\" tabindex=\"0\" hidden=\"hidden\"><ul><li>Critical<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8754\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"4\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8754\" tabindex=\"0\" 
hidden=\"hidden\"><p class=\"s5\"><span class=\"s32\">Recently, a zero-day vulnerability (CVE-2021-44228) was\u00a0discovered\u00a0in the popular Apache Log4j logging library, which could allow an attacker full remote code execution. There is evidence that this vulnerability is being exploited in the wild. This logging library is commonly used by enterprise apps and cloud services, with many enterprise deployments supporting private apps. Apache has since released a\u00a0<\/span><span class=\"s32\">security update<\/span><span class=\"s32\">, and provided recommended configurations for earlier versions that mitigate the vulnerability&#8217;s impact, and we strongly encourage all IT admins to update their software immediately if they haven\u2019t already done so.<\/span><\/p><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Affected Zscaler Products<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8755\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"5\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8755\" tabindex=\"0\" hidden=\"hidden\"><p><span class=\"s29\">Zscaler<\/span><span class=\"s29\"> has confirmed no impact to its services from the CVE-2021-44228 vulnerability.<\/span><\/p><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8756\" aria-expanded=\"false\">Zscaler Recommendation<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8756\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"6\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8756\" tabindex=\"0\" hidden=\"hidden\"><p>Security researchers at Alibaba Cloud discovered a zero-day vulnerability, meaning without an emergency security update, 
every customer running a vulnerable version is at risk. Not only this, but the vulnerability allows full remote code execution, allowing full administrator access to the underlying Apache service and all data within it. In order to exploit this vulnerability, an attacker must first\u00a0find the app itself. <strong>To stop attackers from doing so<\/strong>:<\/p><ul><li class=\"s2\"><span class=\"s29\">Minimize your attack surface and make apps invisible<\/span><\/li><li class=\"s2\"><span class=\"s29\">Ensure only authorized users can access apps<\/span><\/li><li class=\"s28\"><span class=\"s29\">Prevent lateral movement with user-to-app and app-to-app <\/span><span class=\"s29\">microsegmentation<\/span><\/li><li class=\"s2\"><span class=\"s29\">Inspect both inbound and outbound traffic.<\/span><\/li><\/ul><p class=\"s2\"><span class=\"s29\">If you want to protect your enterprise from zero-day vulnerabilities, retire your firewalls and VPNs and embrace a true zero trust architecture with the <\/span><span class=\"s29\">Zscaler<\/span><span class=\"s29\"> Zero Trust Exchange.<\/span><\/p><\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Log4J Vulnerabilities &#8211; Zscaler Resolutions (Updated to 10 Dec 2021) The information provided below is referred from https:\/\/www.zscaler.com\/blogs\/product-insights\/prevent-apache-log4j-java-library-vulnerability-zero-trust-architecture and https:\/\/trust.zscaler.com\/posts\/9581?_gl=1*i2kw4u*_ga*MTU3NDkwMjA2NC4xNjM5OTcyNDE1*_ga_10SPJ4YJL9*MTYzOTk3MjQxNC4xLjEuMTYzOTk3MjkzNC41OQ..&amp;_ga=2.51804011.39101304.1639972415-1574902064.1639972415. 
CVE Number Discovery Date Threat Level Response to Log4j Affected Zscaler Products Zscaler Recommendation CVE Number 2021-44228 Discovery Date Dec 10, 2021 Threat Level Critical Response to Log4j Recently, a zero-day vulnerability (CVE-2021-44228) was\u00a0discovered\u00a0in the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-4030","page","type-page","status-publish","hentry","entry","owp-thumbs-layout-horizontal","owp-btn-normal","owp-tabs-layout-horizontal","has-no-thumbnails","has-product-nav"],"_links":{"self":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4030","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4030"}],"version-history":[{"count":7,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4030\/revisions"}],"predecessor-version":[{"id":4227,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4030\/revisions\/4227"}],"wp:attachment":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4030"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}