A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. This vulnerability allows an attacker to exploit remote system and remote code execution if service logs incoming data using Log4j 2 versions 2.0 to 2.14.1.
Hystax team performed an analysis of the possible impact of the vulnerability on the users of Hystax Acura and Hystax OptScale.
Both OptScale and Acura don’t use Log4j in their own code. However, there is one third-party component that can be impacted there – ELK (Elasticsearch-Logstash-Kibana) stack. Elasticsearch team is openly working on the fix and providing mitigation workarounds here. While we are anticipating the updated version of ELK stack, please find mitigation scenarios for our products below.
Hystax Acura has integrated ELK (Elasticsearch-Logstash-Kibana) stack which serves for logging for remote replication agents, so potentially attackers can use the Logstash vulnerability to perform the attack.
To mitigate this, users should cover ingress port udp/12201 of Hystax Acura controller (or respective Load Balancer in case of HA deployment) by a whitelist of known source IP ranges where replication agents work.
Hystax team will reach our partners with the request to update their Acura deployment once we have the updated version of ELK stack ready.
Marketplace versions of Hystax Acura (on AWS, Azure, Alibaba, GCP and Yandex.Cloud) will also receive the updates.
Hystax OptScale SaaS doesn’t have a public attack surface for this Log4j vulnerability. However, we’ve already patched the ELK component as recommended by the Elasticsearch team.
Marketplace versions of Hystax OptScale will also receive the related updates.