[JDSS][DSS V7] Open-E Log4j (Log4Shell Exploit) Statement

Additional information:

Open-E Log4j (Log4Shell Exploit) Statement (17 Dec, 2021)

To ensure the highest level of security for our users, both Open-E JovianDSS and Open-E DSS V7 have been checked for possible vulnerabilities related to the Log4Shell exploit, specifically CVE-2021-44228. Although our products' core systems don't contain the affected Log4j Java library, we conducted multiple tests to check whether the 3rd party management tools (which are run when the related hardware is installed on the server) are affected.

Our tests revealed the following:

Important! The MegaRAID Storage Manager (MSM) vendor confirmed that MSM is vulnerable to the CVE-2021-4104 exploit. For this reason, Open-E also recommends updating the tool and provides small updates for all users.


In order to solve the above-mentioned issues, we have delivered small updates for both of our products. For the CVE-2021-44228 vulnerability in MaxView Storage Manager:

For the CVE-2021-4104 vulnerability in MSM, a similar set of small updates is available:

For Open-E JovianDSS, we will soon release the up29r2 software update, which will include both security patches from the aforementioned small updates.
 
More information about the update will be sent in separate emails.

Small updates:

DSS V7
https://software:UuPpDdAaTtEe@ftp.open-e.com/In_Engineering_Phase/70728-DSS-V7_log4j_maxview_cve-2021-44228/upd_70728-DSS-V7.upd
https://software:UuPpDdAaTtEe@ftp.open-e.com/In_Engineering_Phase/70729-DSS-V7_log4j_fix_cve-2021_4104_msm/upd_70729-DSS-V7.upd

JovianDSS:
https://software:UuPpDdAaTtEe@ftp.open-e.com/In_Engineering_Phase/90360-JDSS_maxview_log4j_fix/upd_90360-JDSS.upd
https://software:UuPpDdAaTtEe@ftp.open-e.com/In_Engineering_Phase/90362-JDSS_log4j_fix_cve_2021_4104_msm/upd_90362-JDSS.upd



Article ID: 3261
Last updated: 01 Mar, 2022
Revision: 6
https://kb.open-e.com/jdssdss-v7-open-e-log4j-(log4shell-exploit)-statement_3261.html