Open-E Knowledgebase

[JDSS][DSS V7] Open-E Log4j (Log4Shell Exploit) Statement

Article ID: 3261
Last updated: 17 Dec, 2021

Additional information:

  • product name: JovianDSS / DSS V7
  • product version: all
  • build: all


To ensure the highest level of security for our users, both Open-E JovianDSS and Open-E DSS V7 have been checked for possible vulnerabilities related to the Log4Shell exploit. Although our products' core systems don't contain the affected Log4j Java library, we've conducted multiple tests to check whether the 3rd party management tools (which are run when the related hardware is installed on the server) have been affected.
Our tests revealed the following:

  • The MaxView Storage Manager tool utilizes the Apache Log4j library and is affected by the exploit. 
  • The MegaRAID Storage Manager (MSM) utilizes the Apache Log4j library, but none of our tests showed any indication of the library being affected by the exploit.

In order to minimize the risk, please ensure that your data storage setup is not connected to the Internet or is behind a firewall.


Open-E safety measures:

  • Open-E will release updates to Open-E JovianDSS and Open-E DSS V7 to disable the MaxView Storage Manager tool to help our customers protect their infrastructure as soon as possible. 
  • After that, Open-E will release an update for MaxView Storage Manager containing a security patch (more testing is needed to ensure no further issues or compatibility problems). 

More information about the updates will be sent in separate emails.
 



Revision: 1
Posted: 17 Dec, 2021 by Tymrakiewicz S.
Updated: 17 Dec, 2021 by Tymrakiewicz S.
Tags
log4 exploit log4j

The Knowledge base is managed by Open-E data storage software company.