HP Device Manager affected by Log4j Vulnerability?

RaulG1 · ‎12-13-2021

I noticed the HP Device Manager uses Log4j binaries.

Was wondering if HP is going to address this hopefully sooner than later.

MartyWire · ‎12-16-2021

has there been any update on this at all?

BergmanIT · ‎12-20-2021

Still no update?

Shane88 · ‎12-21-2021

According to this HP Webpage, Device Manager is not affected.

https://support.hp.com/gb-en/document/ish_5285798-5285675-16

Alex846 · ‎12-29-2021

attacker performs an HTTP request against a target system, which generates a log using Log4j 2 that leverages JNDI to perform a request to the attacker-controlled site. The vulnerability then causes the exploited process to reach out to the site and execute the payload. In many observed attacks, the attacker-owned parameter is a DNS logging system, intended to log a request to the site to fingerprint the vulnerable systems.

TelltheBell

JWhite001 · ‎01-09-2022

Hi there, Can anyone quantify macys employeeconnection the actual risk to say an N-able server? Is direct access to the server required to take advantage of this, or could it be exploited by someone externally if they can either see the login page or if they are somehow able to sign in to the krogerfeedback.com RMM admin portal? I would think it's the former but trying to wrap my head around just how vulnerable systems are that are running log4j on them.

Create an account on the HP Community to personalize your profile and ask a question