• This topic has 2 replies, 3 voices, and was last updated December 13, 2021 by Product R.

Log4Shell

  • Ciaran G
    December 13, 2021 10:25:08 AM

    Does anyone know if any version of Zerto is affected by this security issue?

    Dong X
    December 13, 2021 10:52:51 AM

    The vulnerability, as of December 11th at 14:00 IL time, affects only Log4J with Java.
    The following components do not use Java and are, therefore, unaffected by the vulnerability: ZVM, VRA, ZCA, ZCM (which are all the customer installed components)

    We are still in the process of analyzing all tools and services across the company and will provide additional updates when the analysis completes.

    Please refer to this link: https://help.zerto.com/kb/000004822

    Product R
    December 13, 2021 04:24:40 PM

    I found this interesting. I ran the Huntress test on Zerto 7.5 Update 2 installed on a windows server, and it came back as vulnerable. The JNDI:LDAP queries reported back to huntress.

You must be logged in to create new topics. Click here to login