10 Technology Vendors Affected By The Log4j Vulnerability
Vulnerable Log4j code can be found in products from some of the most prominent technology vendors like Cisco, IBM, and VMware, as well as ones serving the MSP community like ConnectWise and N-able.
Amazon Web Services
Amazon Web Services said it is addressing the Log4j vulnerability for any services that either use the open-source code or provide it to customers as part of their service. The Seattle, Wash.-based cloud computing giant said it encourages customers who manage environments containing Log4j to update to the latest version.
Updates for AWS Greengrass versions 1.10 and 1.11 are expected to be available Friday, and customers are directed in the meantime to verify that their custom lambda code does not use arbitrary stream names and file names outside the customer’s control. API Gateway is being updated to a version of Log4j that mitigates the issue, and customers may observe periodic latency during those updates.
AWS EMR clusters launched with EMR 5 and EMR 6 releases include open source frameworks such as Apache Hive, Flink, HUDI, Presto, and Trino, which use vulnerable versions of Apache Log4j. The company said it is actively working on building an update that mitigates the issues that arise when open source frameworks installed on a customer’s EMR cluster process information from untrusted sources.