{"id":4032,"date":"2021-12-21T14:39:11","date_gmt":"2021-12-21T06:39:11","guid":{"rendered":"https:\/\/www.udshk.com\/?page_id=4032"},"modified":"2021-12-24T11:39:08","modified_gmt":"2021-12-24T03:39:08","slug":"log4j-vulnerabilities-thales-resolutions","status":"publish","type":"page","link":"https:\/\/www.udshk.com\/?page_id=4032","title":{"rendered":"Log4J Vulnerabilities &#8211; Thales Resolutions"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"4032\" class=\"elementor elementor-4032\" data-elementor-settings=\"[]\">\n\t\t\t\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5d606b0 elementor-section-height-min-height elementor-section-items-top elementor-section-boxed elementor-section-height-default\" data-id=\"5d606b0\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b1e2f06\" data-id=\"b1e2f06\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fcf7e67 elementor-widget elementor-widget-image\" data-id=\"fcf7e67\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/08\/Thales_new.png\" class=\"attachment-medium size-medium\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d2f21f8 elementor-widget elementor-widget-heading\" data-id=\"d2f21f8\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Log4J Vulnerabilities - Thales Resolutions (Updated to 20 Dec 2021)<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0abba13 elementor-widget elementor-widget-text-editor\" data-id=\"0abba13\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The information provided below is referred from <a href=\"https:\/\/supportportal.thalesgroup.com\/csm?id=kb_article_protected&amp;sys_id=021d8257db980110520c4705059619be\">https:\/\/supportportal.thalesgroup.com\/csm?id=kb_article_protected&amp;sys_id=021d8257db980110520c4705059619be<\/a>\u00a0and <a href=\"https:\/\/supportportal.gemalto.com\/csm?id=kb_article_view&amp;sys_kb_id=12acaed3dbd841105d310573f3961953&amp;sysparm_article=KB0025297\">https:\/\/supportportal.gemalto.com\/csm?id=kb_article_view&amp;sys_kb_id=12acaed3dbd841105d310573f3961953&amp;sysparm_article=KB0025297<\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53779d0 elementor-tabs-view-horizontal elementor-widget elementor-widget-tabs\" data-id=\"53779d0\" data-element_type=\"widget\" data-widget_type=\"tabs.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-tabs\">\n\t\t\t<div class=\"elementor-tabs-wrapper\" role=\"tablist\" >\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8751\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8752\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8753\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8754\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8755\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Affected Thales Products<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8756\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8756\" aria-expanded=\"false\">Thales Mitigation<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"elementor-tabs-content-wrapper\" role=\"tablist\" aria-orientation=\"vertical\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8751\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8751\" tabindex=\"0\" hidden=\"false\"><ul><li><a style=\"pointer-events: none; cursor: default; text-decoration: none; color: black;\" href=\"\u201c#\u201d\">2021-44228<\/a><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8752\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8752\" tabindex=\"0\" hidden=\"hidden\"><ul><li>No Information<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8753\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8753\" tabindex=\"0\" hidden=\"hidden\"><ul><li>Critical<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8754\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"4\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8754\" tabindex=\"0\" hidden=\"hidden\"><p class=\"s2\"><span class=\"s32\">On December 10, Thales Cloud Protection and Licensing was made aware of a zero-day exploit in the popular Java logging library Log4J, impacting versions 2.14.1 and lower. An attacker who can control log messages or log message parameters to an affected system, has the ability to execute arbitrary code loaded from an attacker controlled internet server.\u00a0 Full details can be found in the public advisory (CVE-2021-44228).<\/span><\/p><p class=\"s2\"><span class=\"s32\">Further to our initial posting, a new advisory (CVE-2021-45046)\u00a0<\/span><span class=\"s32\">has been released detailing that in some instances the remediation from CVE-2021-44228 was insufficient. As of December 15, 2021 this bulletin also reflects the status of this CVE as well.<\/span><\/p><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Affected Thales Products<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8755\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"5\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8755\" tabindex=\"0\" hidden=\"hidden\"><p>Thales has taken immediate action to investigate the impact of this vulnerability to our products and services.<\/p><ul><li>CADP\/SafeNet Protect App (PA) &#8211; JCE<\/li><li>CipherTrust Batch Data Transformation (BDT) 2.3<\/li><li>CipherTrust Cloud Key Manager (CCKM) Appliance<\/li><li>CipherTrust Vaulted Tokenization (CT-V) \/ SafeNet Tokenization Manager<\/li><li>CipherTrust\/SafeNet PDBCTL<\/li><li>Crypto Command Center (CCC)<\/li><li>SafeNet Vaultless Tokenization<\/li><li>Sentinel LDK EMS (LDK-EMS)<\/li><li>Sentinel LDKaas (LDK-EMS)<\/li><li>Sentinel EMS Enterprise aaS<\/li><li>Sentinel Professional Services components (both Thales hosted &amp; hosted on-premises by customers)<\/li><li>Sentinel SCL<\/li><li>Thales Data Platform (TDP)(DDC)<\/li><\/ul><p>Other Thales products are tested and assumed not to be affected.<\/p><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8756\" aria-expanded=\"false\">Thales Mitigation<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8756\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"6\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8756\" tabindex=\"0\" hidden=\"hidden\"><p class=\"s2\"><span class=\"s32\">Thales CPL has taken action to upgrade systems immediately in accordance with these recommendations and checking logs for signs of compromise. All systems with the above versions have been patched.<\/span><\/p><p class=\"s2\"><span class=\"s32\">Customers using the impacted products on-premises should immediately update the relevant patch according to the Thales official documentation. \u00a0The Thales official documentation needs to login to the Thales support portal to get it.<\/span><\/p><p class=\"s2\"><strong><span class=\"s32\">The support portal link:<\/span><\/strong><\/p><p class=\"s2\"><a href=\"https:\/\/supportportal.thalesgroup.com\/csm?id=kb_article_protected&amp;sys_id=021d8257db980110520c4705059619be\"><span class=\"s32\">https:\/\/supportportal.thalesgroup.com\/csm?id=kb_article_protected&amp;sys_id=021d8257db980110520c4705059619be<\/span><\/a><\/p><p class=\"s2\"><strong><span class=\"s108\">Thales Software Monetization recommends organizations running Apache Log4j take the following actions:\u00a0<\/span><\/strong><\/p><ul><li class=\"s109\"><span class=\"s108\">Check for vulnerable versions of Apache Log4j in your environments and applications.<\/span><\/li><li class=\"s109\"><span class=\"s108\">Implement latest patch to production environments as soon as possible.\u00a0<\/span><\/li><li class=\"s109\"><span class=\"s108\">Monitor for security bulletins.<\/span><\/li><li class=\"s109\"><span class=\"s108\">Monitor for vendor patches as they become available.<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Log4J Vulnerabilities &#8211; Thales Resolutions (Updated to 20 Dec 2021) The information provided below is referred from https:\/\/supportportal.thalesgroup.com\/csm?id=kb_article_protected&amp;sys_id=021d8257db980110520c4705059619be\u00a0and https:\/\/supportportal.gemalto.com\/csm?id=kb_article_view&amp;sys_kb_id=12acaed3dbd841105d310573f3961953&amp;sysparm_article=KB0025297. CVE Number Discovery Date Threat Level Response to Log4j Affected Thales Products Thales Mitigation CVE Number 2021-44228 Discovery Date No Information Threat Level Critical Response to Log4j On December 10, Thales Cloud Protection and Licensing was [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-4032","page","type-page","status-publish","hentry","entry","owp-thumbs-layout-horizontal","owp-btn-normal","owp-tabs-layout-horizontal","has-no-thumbnails","has-product-nav"],"_links":{"self":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4032"}],"version-history":[{"count":10,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4032\/revisions"}],"predecessor-version":[{"id":4224,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4032\/revisions\/4224"}],"wp:attachment":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}