Updated: January 28, 2022  

Keysight is aware of the recently disclosed Apache Log4j 2 vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105).

Keysight has assessed our complete product portfolio and determined that only the products below are impacted1. Mitigation information can be found in the links provided.

Product Mitigation
CloudLens 6.0 forward Visit Ixia Security Advisory
CloudLens vPB Visit Ixia Security Advisory
CloudlLens Self-Hosted / vTap Capability Visit Ixia Security Advisory
CyPerf Visit Ixia Security Advisory
Eagle Visit Ixia Security Advisory
Eggplant Functional IBM Rational Quality Manager (RQM) Adapter Visit Eggplant Security Advisory
Eggplant Manager Visit Eggplant Security Advisory
Flexera lmadmin - License Server Manager Updated install packages are available at: Keysight License Server
Hawkeye Visit Ixia Security Advisory
Network Visibility Operating System on Keysight Network Packet Brokers software version 4.x, 5.x Visit Ixia Security Advisory
PathWave Manufacturing Analytics Keysight-hosted instances patched as of 12/15/2021. Keysight will contact customers to arrange patching for locally-hosted instances.
Spirent TTworkbench Keysight is currently qualifying an update of TTworkbench distributed with some of our charging system test solutions. An update will be provided when available.
UHD100T32 Visit Ixia Security Advisory
Visibility Application Module - Used for Active SSL/Inline SSL/Out of Band SSL with Vision ONE [MV1-ASSL-1G/2G/4G/10G] Visit Ixia Security Advisory
Visibility Application Module with SIP/RTP Correlation SW Package [MV1-MS-SRC] Visit Ixia Security Advisory
Vision X Application Module (MVX-AM4-PC) running any of the MobileStack SW License Packages Visit Ixia Security Advisory

For more information on the vulnerability, please review the following vulnerability descriptions: (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105) and the Apache Log4j 2 (https://logging.apache.org/log4j/2.x/index.html) post.

For additional questions, please contact Keysight.

1 Keysight used commercially reasonable efforts to compile the list of products affected by the Apache Log4j 2 vulnerability. Keysight offers this information for your convenience and does not warrant it is complete

Want help or have questions?