Open-E Log4j (Log4Shell Exploit) Statement (17 Dec, 2021)
To ensure the highest level of security for our users, both Open-E JovianDSS and Open-E DSS V7 have been checked for possible vulnerabilities related to the Log4Shell exploit, specifically CVE-2021-44228. Although our products’ core systems don’t contain the affected Log4j Java library, we’ve conducted multiple tests to check whether the 3rd-party management tools (which run when the related hardware is installed on the server) are affected.
Our tests revealed the following:
Important! The MegaRAID Storage Manager (MSM) vendor confirmed that MSM is vulnerable to the CVE-2021-4104 exploit. For this reason, Open-E also recommends updating the tool and provides small updates for all users.
For the CVE-2021-4104 vulnerability in MSM, a similar set of small updates is available:
Regarding Open-E JovianDSS, we will soon release the up29r2 software update, which will include both security patches from the aforementioned small updates.