Ebook 'From FinOps to proven cloud cost management & optimization strategies'
Whitepaper 'FinOps and cost management for Kubernetes'

Hystax announcement regarding 0-day vulnerability in Log4j

Share on linkedin
Share on twitter
Share on facebook

A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. This vulnerability allows an attacker to exploit remote system and remote code execution if service logs incoming data using Log4j 2 versions 2.0 to 2.14.1.

Hystax team performed an analysis of the possible impact of the vulnerability on the users of Hystax Acura and Hystax OptScale.

Both OptScale and Acura don’t use Log4j in their own code. However, there is one third-party component that can be impacted there – ELK (Elasticsearch-Logstash-Kibana) stack. Elasticsearch team is openly working on the fix and providing mitigation workarounds here. While we are anticipating the updated version of ELK stack, please find mitigation scenarios for our products below.

Hystax Acura

Hystax Acura has integrated ELK (Elasticsearch-Logstash-Kibana) stack which serves for logging for remote replication agents, so potentially attackers can use the Logstash vulnerability to perform the attack.

To mitigate this, users should cover ingress port udp/12201 of Hystax Acura controller (or respective Load Balancer in case of HA deployment) by a whitelist of known source IP ranges where replication agents work.

Hystax team will reach our partners with the request to update their Acura deployment once we have the updated version of ELK stack ready.

Marketplace versions of Hystax Acura (on AWS, Azure, Alibaba, GCP and Yandex.Cloud) will also receive the updates.

Hystax OptScale

Hystax OptScale SaaS doesn’t have a public attack surface for this Log4j vulnerability. However, we’ve already patched the ELK component as recommended by the Elasticsearch team. 

Marketplace versions of Hystax OptScale will also receive the related updates.

Free cloud cost optimization. Lifetime

Please contact our support team at [email protected] if you have any questions.

Enter your email to be notified about new and relevant content.

Thank you for joining us!

We hope you'll find it usefull

You can unsubscribe from these communications at any time. Privacy Policy

News & Reports

FinOps & Test Environment Management

A full description of OptScale as a FinOps and Test Environment Management platform to organize shared environment usage, optimize & forecast Kubernetes and cloud costs

From FinOps to proven cloud cost management & optimization strategies

This ebook covers the implementation of basic FinOps principles to shed light on alternative ways of conducting cloud cost optimization

Engage your engineers in FinOps and cloud cost saving

Discover how OptScale helps companies quickly increase FinOps adoption by engaging engineers in FinOps enablement and cloud cost savings