What are you looking for?
Security Advisory: Apache Log4j 2 Vulnerabilities
CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
Updated: January 28, 2022
Keysight is aware of the recently disclosed Apache Log4j 2 vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105).
Keysight has assessed our complete product portfolio and determined that only the products below are impacted1. Mitigation information can be found in the links provided.
| Product | Mitigation |
|---|---|
| CloudLens 6.0 forward | Visit Ixia Security Advisory |
| CloudLens vPB | Visit Ixia Security Advisory |
| CloudlLens Self-Hosted / vTap Capability | Visit Ixia Security Advisory |
| CyPerf | Visit Ixia Security Advisory |
| Eagle | Visit Ixia Security Advisory |
| Eggplant Functional IBM Rational Quality Manager (RQM) Adapter | Visit Eggplant Security Advisory |
| Eggplant Manager | Visit Eggplant Security Advisory |
| Flexera lmadmin - License Server Manager | Updated install packages are available at: Keysight License Server |
| Hawkeye | Visit Ixia Security Advisory |
| Network Visibility Operating System on Keysight Network Packet Brokers software version 4.x, 5.x | Visit Ixia Security Advisory |
| PathWave Manufacturing Analytics | Keysight-hosted instances patched as of 12/15/2021. Keysight will contact customers to arrange patching for locally-hosted instances. |
| Spirent TTworkbench | Keysight is currently qualifying an update of TTworkbench distributed with some of our charging system test solutions. An update will be provided when available. |
| UHD100T32 | Visit Ixia Security Advisory |
| Visibility Application Module - Used for Active SSL/Inline SSL/Out of Band SSL with Vision ONE [MV1-ASSL-1G/2G/4G/10G] | Visit Ixia Security Advisory |
| Visibility Application Module with SIP/RTP Correlation SW Package [MV1-MS-SRC] | Visit Ixia Security Advisory |
| Vision X Application Module (MVX-AM4-PC) running any of the MobileStack SW License Packages | Visit Ixia Security Advisory |
For more information on the vulnerability, please review the following vulnerability descriptions: (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105) and the Apache Log4j 2 (https://logging.apache.org/log4j/2.x/index.html) post.
For additional questions, please contact Keysight.
1 Keysight used commercially reasonable efforts to compile the list of products affected by the Apache Log4j 2 vulnerability. Keysight offers this information for your convenience and does not warrant it is complete
Want help or have questions?