Does anyone know if any version of Zerto is affected by this security issue?
The vulnerability, as of December 11th at 14:00 IL time, affects only Log4J with Java.
The following components do not use Java and are, therefore, unaffected by the vulnerability: ZVM, VRA, ZCA, ZCM (which are all the customer installed components)
We are still in the process of analyzing all tools and services across the company and will provide additional updates when the analysis completes.
Please refer to this link: https://help.zerto.com/kb/000004822
I found this interesting. I ran the Huntress test on Zerto 7.5 Update 2 installed on a windows server, and it came back as vulnerable. The JNDI:LDAP queries reported back to huntress.