CVE-2021-44228, or "Log4Shell", is a remote code execution zero-day vulnerability in the Apache Log4j2 library, originally disclosed on the project's GitHub on December 9, 2021 and published to the NIST National Vulnerability Database on December 10, 2021.
BeyondTrust has evaluated all our solutions and determined that the two products listed below contained the vulnerable component. There is no known exploitable path to the component.
- Privilege Management (PM) Cloud
- Privilege Management Reporting (PMR): 21.2 (for BeyondInsight 21.3)
To further reduce risk, BeyondTrust has removed the affected library. This action removes the risk from future Log4j vulnerabilities discovered against the open-source library and ensures our solutions are secure against similar types of attacks.
Privilege Management Cloud Solutions have been automatically patched in our SaaS solution as of December 16, 2021.
BeyondTrust recommends that you upgrade to the latest version of your Privilege Management Reporting solutions for BeyondInsight.
For more information, please contact BeyondTrust technical support.