Is GroundWork Monitor affected by CVE-2021-44228
December 15, 2021
Is GroundWork Monitor affected by CVE-2021-44228? GroundWork routinely scans released and supported versions for critical vulnerabilities.
For example, on Friday, December 10th, 2021 we scanned GroundWork Monitor Enterprise Edition (EE) versions 8.2.0 and 8.2.1 for the Log4Shell CVE-2021-44228 zero-day vulnerability. On Monday, December 13th, 2021 we also scanned versions 7.2.1, 8.1.3, 8.2.0 and 8.2.1 using updated signatures that came out over the weekend. Our engineers also hand-reviewed the systems to see if any known exploitable configurations exist. The results indicate that GroundWork Monitor (EE) 7.2.1 is not vulnerable. While there is a vulnerable version of log4j 2.11.1 in a few containers in version 8.x, there is no opportunity to exploit it remotely. So no action is needed to secure any supported GroundWork Monitor system for this vulnerability.