supportkb.riverbed.com Open in urlscan Pro
208.70.196.43  Public Scan

Form analysis
1 forms found in the DOM

POST https://support.riverbed.com/bin/project/LoginServlet

<form method="post" id="form_createCase" action="https://support.riverbed.com/bin/project/LoginServlet" data-analytics-desc="Knowledge Base Create Case">
  <input type="hidden" name="callbackUrl" value="https://support.riverbed.com/content/support/my_riverbed/cases_and_rmas/create_case.html"><input type="hidden"
    value="After browsing this kb article: CVE-2021-44228 and CVE-2021-45046 Apache Log4j (Log4Shell) security advisory / https://supportkb.riverbed.com/support/index?page=content&amp;id=S35645&amp;actp=CASEREQUEST, the customer is requesting more information . (Please provide any additional details in this area.)"
    name="description">
  <input type="hidden" value="" name="softwareVersion" id="softwareVersionText">
</form>

Text Content

 * Riverbed Support
 * 
 * Solution #S35645


CVE-2021-44228 AND CVE-2021-45046 APACHE LOG4J (LOG4SHELL) SECURITY ADVISORY

Categories:
All Products
Solution Number:
S35645
Last Modified:
2021-12-15

ISSUE

CVE-2021-44228 – Vulnerability in Apache Log4j library "Log4Shell"
CVE-2021-45046 - Apache Log4j 2.15.0 was incomplete in certain non-default
configurations
 

SOLUTION

Riverbed is actively working on identifying and resolving CVE-2021-44228  across
all vulnerable products. As each product is updated, tested, and released, we
will update this knowledge base article.Additionally, an updated and related
vulnerability CVE-2021-45046 has been released and is actively being
investigated. While our internal teams conduct analysis we will be moving
forward with prescribed updates to Log4J 2.12 and 2.15 RC2 to address the high
risk vulnerability noted in CVE-2021-44228.

NOTE: To receive real-time updates on this article, please click the Subscribe
icon in the upper left corner of this article. Updates will be emailed to you as
they are published. For additional information on how to subscribe, see S22384.




SteelCentral products

Product/Release

Status
(CVE-2021-44228)

Patched Releases
(CVE-2021-44228)

Status
(CVE-2021-45046)

Patched Releases

(CVE-2021-45046)

Additional Information

NetIM 2.x

Vulnerable

Fix ETA 12/19/2021

Under Investigation

 

Log4j in use

Portal 1.x, 2.x, 3.x

Vulnerable

Planned 

Under Investigation

 

Log4j in use, Recommendation for 2.x customers is to update to 3.x and then
update to the 3.5.x patch (when released) that would contain the fix.

Aternity

Vulnerable

Planned

Under Investigation

 

Latest Updates here : S35643

UCExpert

Vulnerable

Fix ETA 12/19/2021

Under Investigation

 

Log4j in use

AppResponse11

Not Vulnerable

N/A

Not Vulnerable

 

 

AppResponse9

Not Vulnerable

N/A

Under Investigation

 

End of Support

Packet Analyzer

Not Vulnerable

N/A

Not Vulnerable

 

 

Packet Analyzer Plus

Not Vulnerable

N/A

Not Vulnerable

 

 

Modeler

Not Vulnerable

N/A

Under Investigation

 

 

NetIM 1.x

Not Vulnerable

N/A

Under Investigation

 

 

NetIM Test Engine

Not Vulnerable

N/A

Not Vulnerable

 

 

NetAuditor Desktop

Not Vulnerable

N/A

Under Investigation

 

 

NetAuditor Web

Not Vulnerable

N/A

Under Investigation

 

 

NetCollector

Not Vulnerable

N/A

Under Investigation

 

 

NetPlanner

Not Vulnerable

N/A

Under Investigation

 

 

Report Server

Not Vulnerable

N/A

Under Investigation

 

End of Support

Transaction Analyzer

Not Vulnerable

N/A

Not Vulnerable

 

 

Transaction Analyzer Agents                   

Not Vulnerable

N/A

Not Vulnerable

 

 

Flow Gateway

Not Vulnerable

N/A

Not Vulnerable

 

 

NetExpress

Not Vulnerable

N/A

Not Vulnerable

 

 

NetShark

Not Vulnerable

N/A

Under Investigation

 

End of Support

NetProfiler

Not Vulnerable

N/A

Not Vulnerable

 

 

Packet Trace Warehouse

Not Vulnerable

N/A

Under Investigation

 

 

FlowTraq

Not Vulnerable

N/A

Not Vulnerable

 

 



 
SteelConnect products

Product/Release

Status
(CVE-2021-44228)

Patched Releases
(CVE-2021-44228)

Status
(CVE-2021-45046)

Patched Releases 
(CVE-2021-45046)  

Additional Information

Scon EX Director                                     

Vulnerable  

Fix ETA 12/19/2021

Under Investigation

 

 

Scon EX Analytics

Vulnerable

Fix ETA 12/19/2021

Under Investigation

 

 

Scon EX FlexVNF

Not Vulnerable

N/A

Under Investigation

 

 

Scon CX

Not Vulnerable

N/A

Under Investigation

 

 



SteelHead products

Product/Release

Status 
(CVE-2021-44228)

Patched Releases 
(CVE-2021-44228)

Status
(CVE-2021-45046)

Patched Releases
(CVE-2021-45046)

Additional Information

SteelHead CX (appliance, virtual, cloud)

Not Vulnerable

N/A

Not Vulnerable

 

 

SteelHead Interceptor

Not Vulnerable

N/A

Not Vulnerable

 

 

SteelCentral Controller for SteelHead

Not Vulnerable

N/A

Not Vulnerable

 

 

Client Accelerator Controllers and Client Accelerator
aka SteelCentral Controller for SteelHead Mobile and SteelHead Mobile)

Not Vulnerable

N/A

Not Vulnerable

 

 

WinSec Controller for SteelHead (WSC)

Not Vulnerable

N/A

Not Vulnerable

 

 

 
SaaS products

Product/Release

Status
(CVE-2021-44228)

Patched Releases
(CVE-2021-44228)

Status
(CVE-2021-45046)

Patched Releases
(CVE-2021-45046)

Additional Information

SaaS Accelerator                                    

Not Vulnerable  

N/A

Under Investigation

 

 


 
SteelFusion products

Product/Release

Status
(CVE-2021-44228)

Patched Releases
(CVE-2021-44228)

Status
(CVE-2021-45046)

Patched Releases
(CVE-2021-45046)

Additional Information

SteelFusionCore (appliance, virtual)       

Not Vulnerable

N/A

Under Investigation

 

 

SteelFusion Edge

Not Vulnerable

N/A

Under Investigation

 

 

SteelHead EX

Not Vulnerable

N/A

Under Investigation

 

 

RELATED BUGS

ATTACHMENTS

NOTICE: Riverbed® product names have changed. Please refer to the Product List
for a complete list of product names.

Can't find an answer? Create a case