topic Re:LOG4J weakness in BMC interfaces in Intel® Xeon® Processor and Server Products

LOG4J weakness in BMC interfaces

MASTEROFTHEHOUSE — Tue, 14 Dec 2021 18:01:11 GMT

Hello is anybody aware if we have in all intel server mainboards using a bmc interface a problem with the Java LOG4J weakness?

Re:LOG4J weakness in BMC interfaces

Paul_R_Intel — Wed, 15 Dec 2021 03:06:12 GMT

Hello MASTEROFTHEHOUSE,

Thank you for joining the community.

Intel's security teams are aware of this issue and are in the process of investigating the impact of the Apache log4j security vulnerability on Intel products/software.

As with all security vulnerabilities, this is being treated as a high priority within Intel and Intel will provide updates as our investigation progresses.

Regards

Paul R.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit:

https://intel.com/support/serverbios

Re: Re:LOG4J weakness in BMC interfaces

MASTEROFTHEHOUSE — Wed, 15 Dec 2021 13:22:31 GMT

[WAG-Ticket#5966177] Intel BMC Log4J

"I got a confirmation from BMC team that we don’t use Log4j module in our BMC. So it’s not affected."

Re:LOG4J weakness in BMC interfaces

Paul_R_Intel — Thu, 16 Dec 2021 04:20:31 GMT

Hello MASTEROFTHEHOUSE,

We are currently investigating your inquiry on our side, can you please share with us where you got that information from?

Regards

Paul R.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit:

https://intel.com/support/serverbios

Re: Re:LOG4J weakness in BMC interfaces

MASTEROFTHEHOUSE — Thu, 16 Dec 2021 06:15:30 GMT

We received this information from a german manufacturer [Wortmann.de] of server systems which use the intel server mainboards in their systems. The information is directly out of their server support helpline and they got it from Intel.

Re:LOG4J weakness in BMC interfaces

Paul_R_Intel — Fri, 17 Dec 2021 00:14:47 GMT

Hello MASTEROFTHEHOUSE,

Thank you for the information provided, we are making an internal investigation so I will add that information and I will get back to you with the most accurate information.

Regards

Paul R.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit:

https://intel.com/support/serverbios

Re:LOG4J weakness in BMC interfaces

Paul_R_Intel — Mon, 20 Dec 2021 01:25:45 GMT

Hello MASTEROFTHEHOUSE,

Thank you very much for your patience

Intel continues to investigate the impact of the Apache log4j security vulnerability (CVE-2021-44228 and CVE-2021-45046, cve-2021-45105) on our product portfolio. Intel has published INTEL-SA-00646 that lists the status of affected products. This advisory will be updated daily as new affected products are discovered and patches are released to address this vulnerability

You can find the INTEL-SA-00646 here:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html

Please let us know if there is anything else that we can do for you. If I do not hear from you I will follow up in 2 business days.

Regards

Paul R.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit:

https://intel.com/support/serverbios

Re:LOG4J weakness in BMC interfaces

Paul_R_Intel — Wed, 22 Dec 2021 01:21:39 GMT

Hello MASTEROFTHEHOUSE,

I hope you are doing great, we have not heard back from you, we will proceed to mark this thread as close, you can reopen it by replying back to this thread.

Thank you for choosing Intel.

Regards

Paul R.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit:

https://intel.com/support/serverbios