Is Retrace or Prefix vulnerable to the Log4j remote code execution exploit?
  • 15 Dec 2021

On December 9th, 2021, it was announced that the Apache Log4j library version 2.x for Java was vulnerable to a remote code execution (RCE) exploit, CVE-2021-44228, allowing access to servers using it. Netreo engineering and security teams have confirmed that the Retrace product does use Java; however, it uses an older version of the Log4j library that is not vulnerable to this exploit.

If you have manually configured Log4j to work with Retrace or Prefix, or are using the stackify-log-log4j2 library, please check your individual deployment to make sure you have not installed a vulnerable version of Log4j and ensure you have upgraded to at least version 4.0.2 of the stackify-log-log4j2 library.
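One way to carry out the deployment check described above, as an added example that is not Netreo's own tooling: it walks a directory, opens every JAR/WAR/EAR (including archives nested inside them), and reports Log4j 2.x core classes and any stackify-log-log4j2 file older than 4.0.2. It assumes Maven-style file names (`artifact-version.jar`); the function names and the sample archives are constructed for illustration.

```python
import io, re, sys, tempfile, zipfile
from pathlib import Path
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # shipped only in log4j-core 2.x
ARCHIVES = (".jar", ".war", ".ear")
CORE_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)+)")
STACKIFY_RE = re.compile(r"stackify-log-log4j2-(\d+)\.(\d+)\.(\d+)")  # assumed Maven-style file name
STACKIFY_MIN = (4, 0, 2)  # minimum version named in the article

def inspect(data, label, findings):
    """Check one archive (bytes) and recurse into archives nested inside it."""
    name = re.split(r"[\\/]", label)[-1]
    m = STACKIFY_RE.search(name)
    if m and tuple(map(int, m.groups())) < STACKIFY_MIN:
        findings.append((label, "stackify-log-log4j2 older than 4.0.2"))
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        entries = zf.namelist()
        if JNDI_CLASS in entries:  # also catches shaded/fat JARs with no version in the name
            m = CORE_RE.search(name)
            findings.append((label, "log4j-core 2.x present, version " + (m.group(1) if m else "unknown")))
        for entry in entries:
            if entry.lower().endswith(ARCHIVES):
                inspect(zf.read(entry), f"{label}!/{entry}", findings)

def scan_tree(root):
    """Return (location, reason) pairs for every archive under root that needs review."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            inspect(path.read_bytes(), str(path), findings)
    return findings

def make_jar(entries):  # in-memory archive from {entry name: bytes}, for the constructed sample
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in entries.items():
            zf.writestr(entry, content)
    return buf.getvalue()

if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp())
    if len(sys.argv) == 1:  # no path given: scan a constructed sample instead
        (root / "app.war").write_bytes(make_jar({"WEB-INF/lib/log4j-core-2.14.1.jar": make_jar({JNDI_CLASS: b""})}))
        (root / "stackify-log-log4j2-4.0.1.jar").write_bytes(make_jar({"META-INF/MANIFEST.MF": b""}))
    for location, reason in scan_tree(root):
        print(f"{location}: {reason}")
```

Pass the deployment directory as the first argument; any reported log4j-core version should then be compared against the Apache advisory for CVE-2021-44228.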

We are continuously monitoring all our environments for any indication of active threats and exploits.

If you have any concerns, please feel free to contact Netreo Support.

