CVE-2021-44228/CVE-2021-45046 Windows and Linux Mitigation...

Connect Rookie

4 years ago

Hi, I'm having some mixed results with this audit template, hoped you could help:

I've run the Audit cve-2021-44228_cve-2021-45046-windows.audit using (using an admin authenticated scan) against 2 of our Windows hosts for testing.

One comes back with the PASSED output as follows

'Checking:

org/apache/logging/log4j/core/lookup/JndiLookup.class not found'

POLICY VALUE

'^org/apache/logging/log4j/core/lookup/jndilookup.class not found$'

The other comes back with WARNING output

'WMI_CMD_EXEC_FAILED: Could not execute command

POLICY VALUE

'^org/apache/logging/log4j/core/lookup/jndilookup.class not found$'

The host with the WARNING output is confirmed vulnerable to CVE-2021-45046, but the output is not what I was expecting (would have expected FAILED, as documented in the github readme)

Am I doing something obviously wrong?

Forum Discussion

CVE-2021-44228/CVE-2021-45046 Windows and Linux Mitigation...

Recent Discussions

Disable Red Hat repository correlations and strictly use package version checks

Component Installs Require Paranoid Checks

Windows Patch Management Remediation Guidance

Improvements to Live Kernel Patching Detection

Ruby Gem Enumeration Detection Updates

Americas

Europe

Asia / Australia