Updated: January 28, 2022
Keysight is aware of the recently disclosed Apache Log4j 2 vulnerabilities (CVE-2021-44228,CVE-2021-45046,CVE-2021-45105).
Keysight has assessed our complete product portfolio and determined that only the products below are impacted1. Mitigation information can be found in the links provided.
|
Product |
Mitigation |
|
CloudLens 6.0 forward |
|
|
CloudLens vPB |
|
|
CloudlLens Self-Hosted / vTap Capability |
|
|
CyPerf |
|
|
Eagle |
|
|
Eggplant Functional IBM Rational Quality Manager (RQM) Adapter |
|
|
Eggplant Manager |
|
|
Flexera lmadmin - License Server Manager |
Updated install packages are available at: Keysight License Server |
|
Hawkeye |
|
|
Network Visibility Operating System on Keysight Network Packet Brokers software version 4.x, 5.x |
|
|
PathWave Manufacturing Analytics |
Keysight-hosted instances patched as of 12/15/2021. Keysight will contact customers to arrange patching for locally-hosted instances. |
|
Spirent TTworkbench |
Keysight is currently qualifying an update of TTworkbench distributed with some of our charging system test solutions. An update will be provided when available. |
|
UHD100T32 |
|
|
Visibility Application Module - Used for Active SSL/Inline SSL/Out of Band SSL with Vision ONE [MV1-ASSL-1G/2G/4G/10G] |
|
|
Visibility Application Module with SIP/RTP Correlation SW Package [MV1-MS-SRC] |
|
|
Vision X Application Module (MVX-AM4-PC) running any of the MobileStack SW License Packages |
For more information on the vulnerability, please review the following vulnerability descriptions: (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105) and the Apache Log4j 2 (https://logging.apache.org/log4j/2.x/index.html) post.
For additional questions, please contact Keysight.
1Keysight used commercially reasonable efforts to compile the list of products affected by the Apache Log4j 2 vulnerability. Keysight offers this information for your convenience and does not warrant it is complete