Server Products
Data Center Products including boards, integrated systems, Intel® Xeon® Processors, RAID Storage, and Intel® Xeon® Processors
4778 Discussions

LOG4J weakness in BMC interfaces

MASTEROFTHEHOUSE
Beginner
‎12-14-2021 10:01 AM
1,356 Views

Hello is anybody aware if we have in all intel server mainboards using a bmc interface a problem with the Java LOG4J weakness?

0 Kudos

Link Copied

7 Replies
Paul_R_Intel
Moderator
‎12-14-2021 07:06 PM
1,340 Views

Hello MASTEROFTHEHOUSE, 

 

Thank you for joining the community.


Intel's security teams are aware of this issue and are in the process of investigating the impact of the Apache log4j security vulnerability on Intel products/software.


As with all security vulnerabilities, this is being treated as a high priority within Intel and Intel will provide updates as our investigation progresses.


Regards 

 

Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 


0 Kudos
Copy link
MASTEROFTHEHOUSE
Beginner
‎12-15-2021 05:22 AM
1,319 Views
In response to Paul_R_Intel

[WAG-Ticket#5966177] Intel BMC Log4J

 

"I got a confirmation from BMC team that we don’t use Log4j module in our BMC. So it’s not affected."

In response to Paul_R_Intel
0 Kudos
Copy link
Paul_R_Intel
Moderator
‎12-15-2021 08:20 PM
1,293 Views

Hello MASTEROFTHEHOUSE, 


We are currently investigating your inquiry on our side, can you please share with us where you got that information from?


Regards 

 

Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 



0 Kudos
Copy link
MASTEROFTHEHOUSE
Beginner
‎12-15-2021 10:15 PM
1,275 Views
In response to Paul_R_Intel

We received this information from a german manufacturer [Wortmann.de] of server systems which use the intel server mainboards in their systems. The information is directly out of their server support helpline and they got it from Intel.  

In response to Paul_R_Intel
0 Kudos
Copy link
Paul_R_Intel
Moderator
‎12-16-2021 04:14 PM
1,252 Views


Hello MASTEROFTHEHOUSE, 


Thank you for the information provided, we are making an internal investigation so I will add that information and I will get back to you with the most accurate information.


Regards 

 

Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 


0 Kudos
Copy link
Paul_R_Intel
Moderator
‎12-19-2021 05:25 PM
1,214 Views

Hello MASTEROFTHEHOUSE,  


Thank you very much for your patience  


Intel continues to investigate the impact of the Apache log4j security vulnerability (CVE-2021-44228 and CVE-2021-45046, cve-2021-45105) on our product portfolio. Intel has published INTEL-SA-00646 that lists the status of affected products. This advisory will be updated daily as new affected products are discovered and patches are released to address this vulnerability


You can find the INTEL-SA-00646 here: 



Please let us know if there is anything else that we can do for you. If I do not hear from you I will follow up in 2 business days. 


Regards 



Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 




0 Kudos
Copy link
Paul_R_Intel
Moderator
‎12-21-2021 05:21 PM
1,160 Views

Hello MASTEROFTHEHOUSE,  


I hope you are doing great, we have not heard back from you, we will proceed to mark this thread as close, you can reopen it by replying back to this thread.


Thank you for choosing Intel.


Regards 



Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 



0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.