Software Storage Technologies
Virtual RAID, RSTe, and Memory Drive Technology
Announcements
Looking for our RealSense Community? Click HERE

Looking for RAID, VROC? You found the forum to ask questions!
309 Discussions

Log4j vulnerability - security inquiry

JJK1
Beginner
‎12-23-2021 02:45 AM
1,926 Views

I couldn't find this information in this document: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html

So I'd like to ask if we can suspect Log4J vulnerability in these products:

  1. Intel RAID Web Console, v.2 and v.3
  2. Management interface of MFSYS-25 blade server. I know it is not the right Board for that product, but maybe you can learn of it internally. Please let me know if have to create question about MFSYS-25 in another Board.
0 Kudos

Link Copied

4 Replies
BrusC_Intel
Employee
‎12-23-2021 02:49 PM
1,906 Views

Hello, JJK1.


Thank you for posting on the Intel Community Support Forums.


I received your thread regarding the Log4j vulnerabilities, and I will be glad to assist you moving the thread to the appropriate community section.


One of my colleagues will contact you back as soon as possible.


Best regards,


Bruce C.

Intel Customer Support Technician


0 Kudos
Copy link
AdrianM_Intel
Employee
‎12-23-2021 03:19 PM
1,904 Views

Hello JJK1,

 

Thank you for posting on the Intel® communities.

 

Intel Customer Service no longer supports inquiries for Intel® Modular Server Chassis MFSYS25, but perhaps fellow community members have the knowledge to jump in and help.

 

In regards to the Log4j2 Vulnerabilities (CVE-2021-44228 & CVE-2021-45046), I would like to inform the following: 

 

Intel continues to investigate the impact of the Apache log4j security vulnerability (CVE-2021-44228 and CVE-2021-45046, cve-2021-45105) on our product portfolio. Intel has published INTEL-SA-00646 which lists the status of affected products. This advisory will be updated daily as new affected products are discovered and patches are released to address this vulnerability.

 

Regards,

 

Adrian M.

Intel Customer Support Technician

 

0 Kudos
Copy link
JasonP
Beginner
‎12-26-2021 08:13 PM
1,812 Views

RWC2 has the affected libraries so I would assume it is vulnerable unless Intel specifically announce it isn't. RWC2 is an old program and I would be surprised if it is fixed as I would expect it to be EOL.

I have read elsewhere that RWC3 is not a java program and doesn't use the log4j libraries. This is not official information from Intel. There is some support for older RAID controllers in RWC3 (see below) so we have fortunately been able to update to RWC3 for the particular controllers we are still using. 

From the readme notes, these are the supported controllers for RWC3:

Supported Intel RAID and Storage Controllers
Tri-mode modules and adapters
Intel® RAID Adapter RS3P4TF160F, RSP3DD080F, RSP3MD088F, RSP3TD160F, RSP3WD080E
Intel® RAID Module RMSP3AD160F, RMSP3CD080F RMSP3HD080E
Intel® Storage Adapter RS3P4QF160J¹, RS3P4GF016F¹, RSP3QD160J¹, RSP3GD016J¹
Intel® Storage Module RMSP3JD160J¹

12 Gb/s modules and adapters
Intel® Integrated RAID Module RMS3AC160, RMS3CC040, RMS3CC080, RMS3HC080, RMS3JC080¹, RMS3VC160¹
Intel® RAID Controller RS3DC040, RS3DC080, RS3FC044¹, RS3GC008¹, RS3MC044, RS3SC008, RS3UC080¹, RS3UC080J¹, RS3WC080

12Gb/s Bridge boards and embedded controllers
Intel Integrated RAID RS3YC (Integrated controller on Intel Server Board S2600CW2SR / S2600CWTSR / S2600CW2S / S2600CWTS)
Intel Integrated RAID RMSP3LD060 (Integrated controller on AHWBPBGB24R)
Intel RAID Controller RS3LC5 (Integrated controller on AHWBP12GBGBR5 / AHWKPTP12GBGBR5)
Intel RAID Controller RS3LC (Integrated controller on AHWBP12GBGB / AHWKPTP12GBGBR)
Intel RAID Controller RS3KC¹ (Integrated controller on AHWBP12GBGBIT / AHWKPTP12GBGBIT)
Intel RAID Controller RS3PC¹ (Integrated controller on AHWBPBGB24 for / FHWKPTPBGB24)
Intel® Embedded Server RAID Technology 2

Limited supported controllers:
6 Gb/s modules and adapters
Intel® Integrated RAID Module RMS25PB080(N), RMS25PB040, RMS25CB080(N), RMS25CB040, RMS25JB040¹, RMS25JB080¹, RMS25KB040¹, RMS25KB080¹, RMS25LB080
Intel® RAID Controller RS25AB080, RS25SB008, RS25DB080, RS25NB008, RS25FB044¹, RS25GB008¹

¹RWC3 is limited to display the history of persistent events only for these controllers.

 

0 Kudos
Copy link
SergioS_Intel
Moderator
‎12-28-2021 08:13 PM
1,791 Views

Hello JJK1,


As we mentioned in our previous post, as this product is being discontinued, Intel Customer Service no longer supports inquiries for it, but perhaps fellow community members have the knowledge to jump in and help.


 You may also find the Discontinued Products website https://community.intel.com/t5/Product-Support-Forums/ct-p/product-support-forums helpful to address your request. 


Thank you for understanding. 



Best regards,

Sergio S.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit :https://intel.com/support/serverbios


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.