Server Products
Data Center Products including boards, integrated systems, Intel® Xeon® Processors, RAID Storage, and Intel® Xeon® Processors
4778 Discussions

LOG4J weakness in BMC interfaces

MASTEROFTHEHOUSE
Beginner
1,358 Views

Hello is anybody aware if we have in all intel server mainboards using a bmc interface a problem with the Java LOG4J weakness?

0 Kudos
7 Replies
Paul_R_Intel
Moderator
1,342 Views

Hello MASTEROFTHEHOUSE, 

 

Thank you for joining the community.


Intel's security teams are aware of this issue and are in the process of investigating the impact of the Apache log4j security vulnerability on Intel products/software.


As with all security vulnerabilities, this is being treated as a high priority within Intel and Intel will provide updates as our investigation progresses.


Regards 

 

Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 


0 Kudos
MASTEROFTHEHOUSE
Beginner
1,321 Views

[WAG-Ticket#5966177] Intel BMC Log4J

 

"I got a confirmation from BMC team that we don’t use Log4j module in our BMC. So it’s not affected."

0 Kudos
Paul_R_Intel
Moderator
1,295 Views

Hello MASTEROFTHEHOUSE, 


We are currently investigating your inquiry on our side, can you please share with us where you got that information from?


Regards 

 

Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 



0 Kudos
MASTEROFTHEHOUSE
Beginner
1,277 Views

We received this information from a german manufacturer [Wortmann.de] of server systems which use the intel server mainboards in their systems. The information is directly out of their server support helpline and they got it from Intel.  

0 Kudos
Paul_R_Intel
Moderator
1,254 Views


Hello MASTEROFTHEHOUSE, 


Thank you for the information provided, we are making an internal investigation so I will add that information and I will get back to you with the most accurate information.


Regards 

 

Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 


0 Kudos
Paul_R_Intel
Moderator
1,216 Views

Hello MASTEROFTHEHOUSE,  


Thank you very much for your patience  


Intel continues to investigate the impact of the Apache log4j security vulnerability (CVE-2021-44228 and CVE-2021-45046, cve-2021-45105) on our product portfolio. Intel has published INTEL-SA-00646 that lists the status of affected products. This advisory will be updated daily as new affected products are discovered and patches are released to address this vulnerability


You can find the INTEL-SA-00646 here: 



Please let us know if there is anything else that we can do for you. If I do not hear from you I will follow up in 2 business days. 


Regards 



Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 




0 Kudos
Paul_R_Intel
Moderator
1,162 Views

Hello MASTEROFTHEHOUSE,  


I hope you are doing great, we have not heard back from you, we will proceed to mark this thread as close, you can reopen it by replying back to this thread.


Thank you for choosing Intel.


Regards 



Paul R. 

Intel Customer Support Technician 

For firmware updates and troubleshooting tips, visit: 

https://intel.com/support/serverbios 



0 Kudos
Reply