Keysight Actions: Apache Log4j 2 Vulnerabilities

CVE-2021-44228, CVE-2021-45046, CVE-2021-45105

Updated: January 19, 2022

Keysight is aware of the recently disclosed Apache Log4j 2 vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105).

Keysight has assessed our complete product portfolio and determined that only the products below are impacted [1]. Mitigation information can be found in the links provided.

| Product | Mitigation |
| --- | --- |
| CloudLens 6.0 forward | Visit Ixia Security Advisory |
| CloudLens vPB | Visit Ixia Security Advisory |
| CloudLens Self-Hosted / vTap Capability | Visit Ixia Security Advisory |
| CyPerf | Visit Ixia Security Advisory |
| Eagle | Visit Ixia Security Advisory |
| Eggplant Functional IBM Rational Quality Manager (RQM) Adapter | Visit Eggplant Security Advisory |
| Eggplant Manager | Visit Eggplant Security Advisory |
| Flexera lmadmin - License Server Manager | Updated install packages will be available on 1/20/22 at: Keysight License Server |
| Hawkeye | Visit Ixia Security Advisory |
| Network Visibility Operating System on Keysight Network Packet Brokers software version 4.x, 5.x | Visit Ixia Security Advisory |
| PathWave Manufacturing Analytics | Keysight-hosted instances patched as of 12/15/2021. Keysight will contact customers to arrange patching for locally-hosted instances. |
| Spirent TTworkbench | Keysight is currently qualifying an update of TTworkbench distributed with some of our charging system test solutions. An update will be provided when available. |
| UHD100T32 | Visit Ixia Security Advisory |
| Visibility Application Module - Used for Active SSL/Inline SSL/Out of Band SSL with Vision ONE [MV1-ASSL-1G/2G/4G/10G] | Visit Ixia Security Advisory |
| Visibility Application Module with SIP/RTP Correlation SW Package [MV1-MS-SRC] | Visit Ixia Security Advisory |
| Vision X Application Module (MVX-AM4-PC) running any of the MobileStack SW License Packages | Visit Ixia Security Advisory |

For more information on the vulnerabilities, please review the following vulnerability descriptions: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105, and the Apache Log4j 2 post (https://logging.apache.org/log4j/2.x/index.html).

For additional questions, please contact Keysight.

[1] Keysight used commercially reasonable efforts to compile the list of products affected by the Apache Log4j 2 vulnerability. Keysight offers this information for your convenience and does not warrant it is complete