12 Cybersecurity Vendors Susceptible To The Log4j Vulnerability
Vulnerable Log4j code can be found in products from prominent identity vendors like CyberArk, ForgeRock, Okta and Ping Identity, as well as SMB-focused security companies like Fortinet, SonicWall, and Sophos.
VMware Carbon Black
While the Carbon Black suite of endpoint products does not directly use the Log4j library or carry its vulnerabilities, the VMware subsidiary said portions of version 1 of the VMware Carbon Black Cloud Workload Appliance and version 7.6 of the VMware Carbon Black EDR Server are impacted and may require attention.
The VMware Carbon Black Cloud Workload Appliance 1.1.1 security patch released Tuesday addresses the Log4j vulnerability, and customers must ensure the appliance root password has not expired before performing the upgrade. A patch has also been released for the VMware Carbon Black EDR Server. The patches follow temporary workarounds for each product.