Security Advisory: Apache Log4j 2 Vulnerabilities
CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
Updated: January 28, 2022
Keysight is aware of the recently disclosed Apache Log4j 2 vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105).
Keysight has assessed our complete product portfolio and determined that only the products below are impacted1. Mitigation information can be found in the links provided.
Product | Mitigation |
CloudLens 6.0 forward | Visit Ixia Security Advisory |
CloudLens vPB | Visit Ixia Security Advisory |
CloudlLens Self-Hosted / vTap Capability | Visit Ixia Security Advisory |
CyPerf | Visit Ixia Security Advisory |
Eagle | Visit Ixia Security Advisory |
Eggplant Functional IBM Rational Quality Manager (RQM) Adapter | Visit Eggplant Security Advisory |
Eggplant Manager | Visit Eggplant Security Advisory |
Flexera lmadmin - License Server Manager | Updated install packages are available at: Keysight License Server |
Hawkeye | Visit Ixia Security Advisory |
Network Visibility Operating System on Keysight Network Packet Brokers software version 4.x, 5.x | Visit Ixia Security Advisory |
PathWave Manufacturing Analytics | Keysight-hosted instances patched as of 12/15/2021. Keysight will contact customers to arrange patching for locally-hosted instances. |
Spirent TTworkbench | Keysight is currently qualifying an update of TTworkbench distributed with some of our charging system test solutions. An update will be provided when available. |
UHD100T32 | Visit Ixia Security Advisory |
Visibility Application Module - Used for Active SSL/Inline SSL/Out of Band SSL with Vision ONE [MV1-ASSL-1G/2G/4G/10G] | Visit Ixia Security Advisory |
Visibility Application Module with SIP/RTP Correlation SW Package [MV1-MS-SRC] | Visit Ixia Security Advisory |
Vision X Application Module (MVX-AM4-PC) running any of the MobileStack SW License Packages | Visit Ixia Security Advisory |
For more information on the vulnerability, please review the following vulnerability descriptions: (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105) and the Apache Log4j 2 (https://logging.apache.org/log4j/2.x/index.html) post.
For additional questions, please contact Keysight.
1 Keysight used commercially reasonable efforts to compile the list of products affected by the Apache Log4j 2 vulnerability. Keysight offers this information for your convenience and does not warrant it is complete
Want help or have questions?