12 Cybersecurity Vendors Susceptible To The Log4j Vulnerability
Vulnerable Log4j code can be found in products from prominent identity vendors like CyberArk, ForgeRock, Okta and Ping Identity, as well as SMB-focused security companies like Fortinet, SonicWall, and Sophos.
Broadcom determined as of Tuesday that some or all versions of its CA Advanced Authentication, Symantec PAM Server Control, Symantec SiteMinder, and VIP Authentication Hub products are affected by the Log4j vulnerability. The company said its Symantec Endpoint Protection Manager offering may be affected, while exposure in the Symantec Web Security Service reporting feature has been remediated.
SiteMinder customers are urged to either configure the offering to continue using the existing Log4j versions in a secure manner or upgrade the existing Log4j version in their environment to Log4j 2.15.0. Upgrading to 2.15.0 will help reduce the likelihood of vulnerability scanning tools continuing to identify the older Log4j instances.
Symantec PAM Server Control customers are directed to stop the WildflyService, make changes to the <WILDFLY_INSTALL_DIRECTORY> and restart the service. Impact to the remaining products can be addressed by setting the system environment variable “LOG4J_FORMAT_MSG_NO_LOOKUPS” to “true” and restarting the impacted components or services, according to Broadcom.
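To check which of the two remediations described above actually covers a given host, the following added example (not Broadcom's or any vendor's tooling) inventories `log4j-core` JARs by file name and classifies each against the 2.15.0 upgrade target and the `LOG4J_FORMAT_MSG_NO_LOOKUPS` setting. It relies on a Log4j detail the article does not mention, namely that the no-lookups switch is only honoured from Log4j 2.10 onward; the function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

FIXED = (2, 15, 0)         # upgrade target named in the article
ENV_FLAG_MIN = (2, 10, 0)  # older releases ignore the no-lookups switch
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?.*\.jar$")

def classify(jar_name, env):
    """Return (version, status) for a log4j-core jar name, else None."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    version = tuple(int(g or 0) for g in m.groups())
    flag_on = env.get("LOG4J_FORMAT_MSG_NO_LOOKUPS", "").lower() == "true"
    if version >= FIXED:
        status = "upgraded"
    elif version >= ENV_FLAG_MIN and flag_on:
        status = "mitigated-by-env"
    else:
        status = "exposed"
    return version, status

def scan(root, env=os.environ):
    """Walk root and classify every log4j-core jar found on disk.

    Limits: trusts the file name, and does not open fat JARs or WARs
    that bundle Log4j inside another archive. The env mapping must be
    the environment of the Java service, not of the operator's shell.
    """
    results = {}
    for path in Path(root).rglob("log4j-core-*.jar"):
        hit = classify(path.name, env)
        if hit:
            results[path.relative_to(root).as_posix()] = hit
    return results

def demo():
    """Constructed sample tree: empty files carrying realistic jar names."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("app/lib/log4j-core-2.14.1.jar", "old/log4j-core-2.8.2.jar",
                    "new/log4j-core-2.15.0.jar", "app/lib/commons-io-2.6.jar"):
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.touch()
        return scan(root, {"LOG4J_FORMAT_MSG_NO_LOOKUPS": "true"})

if __name__ == "__main__":
    for jar, (version, status) in sorted(demo().items()):
        print(f"{status:17} {'.'.join(map(str, version)):8} {jar}")
```

Any JAR reported as `exposed` with the variable already set is a pre-2.10 copy, where only an upgrade or a product-specific change such as the ones Broadcom lists will help.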