GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » Impact of Log4j vulnerability on GFI (CVE-2021-44228)
Impact of Log4j vulnerability on GFI [message #150660] Tue, 14 December 2021 00:54 Go to previous message
srazvan is currently offline  srazvan
Messages: 10
Registered: September 2021
A new 0-day vulnerability, formally known as CVE-2021-44228, was published on the NIST National Vulnerability Database on Friday, December 10. It is found in the Log4j Java library.

Log4j is a popular open source logging library made by the Apache Software Foundation. The security vulnerability found in Log4j allows hackers to execute remote commands on a target system. The severity of the vulnerability is classified as "Critical" by NIST.

How are GFI products impacted?
The GFI development team is reviewing our products for use of Log4j.

A function of Kerio Connect utilizes Log4j, and a recommended mitigation is identified below.

If we identify any additional recommended mitigations, we will provide a follow up communication. Additional information, when available, will also be posted on https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/.

Kerio Connect vulnerability mitigation
Log4j is used in Kerio Connect as part of the chat function. We recommend that all Kerio Connect users temporarily disable the chat function in the software.

To disable chat in Kerio Connect:
    Go to Configuration
    Click on Domains
    Double-click on the desired domain
    Find the "Chat" section on the General tab
    Deselect the "Enable chat in Kerio Connect Client." option
    Repeat the above steps for all of your email domains
Kerio Connect security hotfix
Work has already started on a security hotfix for Kerio Connect. We intend to deliver a public release in the next few days.

We will send a follow-up notification to all Kerio Connect customers at your registered email when the release is available.


GFI Customer Support Edge Team
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Remove duplicate messages
Next Topic: Technical Support for KerioConnect
Goto Forum:
  


Current Time: Sun Oct 02 21:44:22 CEST 2022

Total time taken to generate the page: 0.02580 seconds