Server Products
Data Center Products including boards, integrated systems, Intel® Xeon® Processors, RAID Storage; and Intel® Xeon® Processors
4462 Discussions

LOG4J weakness in BMC interfaces

MASTEROFTHEHOUSE
Beginner
851 Views

Hello is anybody aware if we have in all intel server mainboards using a bmc interface a problem with the Java LOG4J weakness?

0 Kudos
7 Replies
Paul_R_Intel
Moderator
835 Views

Hello MASTEROFTHEHOUSE, 

 

Thank you for joining the community.


Intel's security teams are aware of this issue and are in the process of investigating the impact of the Apache log4j security vulnerability on Intel products/software.


As with all security vulnerabilities, this is being treated as a high priority within Intel and Intel will provide updates as our investigation progresses.


Regards 

 

Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 


MASTEROFTHEHOUSE
Beginner
814 Views

[WAG-Ticket#5966177] Intel BMC Log4J

 

"I got a confirmation from BMC team that we don’t use Log4j module in our BMC. So it’s not affected."

Paul_R_Intel
Moderator
788 Views

Hello MASTEROFTHEHOUSE, 


We are currently investigating your inquiry on our side, can you please share with us where you got that information from?


Regards 

 

Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 



MASTEROFTHEHOUSE
Beginner
770 Views

We received this information from a german manufacturer [Wortmann.de] of server systems which use the intel server mainboards in their systems. The information is directly out of their server support helpline and they got it from Intel.  

Paul_R_Intel
Moderator
747 Views


Hello MASTEROFTHEHOUSE, 


Thank you for the information provided, we are making an internal investigation so I will add that information and I will get back to you with the most accurate information.


Regards 

 

Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 


Paul_R_Intel
Moderator
709 Views

Hello MASTEROFTHEHOUSE,  


Thank you very much for your patience  


Intel continues to investigate the impact of the Apache log4j security vulnerability (CVE-2021-44228 and CVE-2021-45046, cve-2021-45105) on our product portfolio. Intel has published INTEL-SA-00646 that lists the status of affected products. This advisory will be updated daily as new affected products are discovered and patches are released to address this vulnerability


You can find the INTEL-SA-00646 here: 



Please let us know if there is anything else that we can do for you. If I do not hear from you I will follow up in 2 business days. 


Regards 



Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 




Paul_R_Intel
Moderator
655 Views

Hello MASTEROFTHEHOUSE,  


I hope you are doing great, we have not heard back from you, we will proceed to mark this thread as close, you can reopen it by replying back to this thread.


Thank you for choosing Intel.


Regards 



Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 



Reply