Hier finden Sie wichtige und aktuelle Informationen zu unseren Herstellern und Produkten.
Aktuelle Informationen zum Apache Log4j Problem unserer betroffenen Produkte. Produkte, die nicht aufgeführt werden, sind von der Schwachstelle nicht betroffen. Alle Hersteller informieren auch immer direkt zu evtl. Schwachstellen.
EDR End of Support for TLS 1.1 or 1.0, September 19, 2022
UPDATE SEPTEMBER 28: SentinelOne has extended their End of Support for TLS 1.0 and TLS 1.1 from October 1st 2022 to the second half of November 2022.
Starting October 1, 2022, SentinelOne will no longer support Transport Layer Security (TLS) 1.1 or 1.0 for Agent to Management Console communication.
Quelle: Hier geht es zum Artikel
Apache Log4j Vulnerability – Updated 12 p.m. EST, December 13, 2021
As you may know, a vulnerability within the Apache Log4j tool was identified on Friday, December 10, 2021 – tracked as CVE-2021-44228. Log4j is a logging framework created by Apache and used widely across the internet. Many, many services are potentially vulnerable to this exploit.
N-able can confirm there are no vulnerabilities in these products, as they do not utilize a vulnerable version of Apache Log4j or they may not utilize Apache Log4j at all.
Digital Certificate upgrade
As we have communicated, the digital certificate for our SolarWinds MSP products will be revoked on March 8, 2021.
If you have not yet upgraded per our recommendations, the day-to-day operation of any software signed by the certificate may be impacted by a user’s operating system, antivirus, or endpoint protection.
Please see this link - https://success.solarwindsmsp.com/kb/solarwinds/DIGITAL-CERTIFICATE-UPDATE-PRODUCT-FAQ, which includes information for all SolarWinds MSP products, as well as more details on what to do to ensure your devices have the latest certificate.
Dates and times: Montag, 8. März
00 : 00 : 00 : 00
ISN 2021-11: UMS Log4j vulnerability
First published 13 December 2021 - Update 22.12.2021 - Update auf 6.09.120 hier verfügbar
CVSS 3.1 Base Score:10.0 (Critical)
A critical vulnerability, also known as Log4shell, has been found in the Log4j logging library. This affects the following IGEL products (other IGEL products are not affected): IGEL Universal Management Suite (UMS).
The versions 2.0-beta9 up to 2.14.1 of the Log4j library are vulnerable to Remote Command Execution (RCE). This means that a remote attacker can execute commands over the network on software that contains the vulnerable Log4j versions. IGEL UMS and the Elasticsearch engine in the IGEL Web App are affected.
Exploit code is already available, and the issue is being actively exploited on the Internet. Therefore, IGEL strongly recommends applying the mitigations below and updating UMS installations as soon as a fixed version is available.
In a typical UMS installation, this issue is mitigated by the fact that UMS is not reachable from the Internet.
A fixed version of UMS is in preparation. This document will be updated when it is available.