{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-005.pdf"
    },
    "title": "Critical Vulnerability in Ivanti Products",
    "serial_number": "2022-005",
    "publish_date": "19-01-2022 09:25:00",
    "description": "On January 17th, Ivanti updated its advisory related to \"CVE-2021-44228\" vulnerability affecting some of its products. While this CVE affects the Java logging library \"log4j\", all products using this library are vulnerable to Unauthenticated Remote Code Execution.",
    "url_title": "2022-005",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in Ivanti Products'\nversion: '1.0'\nnumber: '2022-005'\ndate: 'January 19, 2022'\n---\n\n_History:_\n\n* _19/01/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn January 17th, Ivanti updated its advisory related to `CVE-2021-44228` vulnerability affecting some of its products. While this CVE affects the Java logging library `log4j` [1], all products using this library are vulnerable to Unauthenticated Remote Code Execution.\n\n# Technical Details\n\nThe vulnerability exists in the Java logging library `log4j`. An unauthenticated remote attacker might exploit this vulnerability by sending specially crafted content to the application to execute malicious code on the server [1].\n\n# Affected products\n\n|Product|affected versions|Mitigation / Fix|\n|---|---|---|\n|Avalanche|6.3.0, 6.3.1, 6.3.2, and 6.3.3|Available [3]|\n|Ivanti File Director|2020.3, 2021.1, 2021.3|Available [4]|\n|MobileIron|See [5]|Available [5]|\n\n\n# Recommendations\n\nIvanti and CERT-EU strongly recommends to apply mitigations or fixes mentioned in the Affected Products section.\n\n# References\n\n[1] <https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-067.pdf>\n\n[2] <https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US>\n\n[3] <https://forums.ivanti.com/s/article/CVE-2021-44228-Avalanche-Remote-code-injection-Log4j?language=en_US>\n\n[4] <https://forums.ivanti.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-and-Ivanti-File-Director-CVE-2021-44228?language=en_US>\n\n[5] <https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-070.pdf>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>19/01/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On January 17th, Ivanti updated its advisory related to <code>CVE-2021-44228</code> vulnerability affecting some of its products. While this CVE affects the Java logging library <code>log4j</code> [1], all products using this library are vulnerable to Unauthenticated Remote Code Execution.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability exists in the Java logging library <code>log4j</code>. An unauthenticated remote attacker might exploit this vulnerability by sending specially crafted content to the application to execute malicious code on the server [1].</p><h2 id=\"affected-products\">Affected products</h2><table><thead><tr><th>Product</th><th>affected versions</th><th>Mitigation / Fix</th></tr></thead><tbody><tr><td>Avalanche</td><td>6.3.0, 6.3.1, 6.3.2, and 6.3.3</td><td>Available [3]</td></tr><tr><td>Ivanti File Director</td><td>2020.3, 2021.1, 2021.3</td><td>Available [4]</td></tr><tr><td>MobileIron</td><td>See [5]</td><td>Available [5]</td></tr></tbody></table><h2 id=\"recommendations\">Recommendations</h2><p>Ivanti and CERT-EU strongly recommends to apply mitigations or fixes mentioned in the Affected Products section.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-067.pdf\">https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-067.pdf</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US\">https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://forums.ivanti.com/s/article/CVE-2021-44228-Avalanche-Remote-code-injection-Log4j?language=en_US\">https://forums.ivanti.com/s/article/CVE-2021-44228-Avalanche-Remote-code-injection-Log4j?language=en_US</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://forums.ivanti.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-and-Ivanti-File-Director-CVE-2021-44228?language=en_US\">https://forums.ivanti.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-and-Ivanti-File-Director-CVE-2021-44228?language=en_US</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-070.pdf\">https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-070.pdf</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}