A critical remote code execution vulnerability in Apache Log4j (a logging tool used in many Java applications) was disclosed on December 9, 2021. This vulnerability is described in CVE-2021-44228. This advisory also covers CVE-2021-45046 and CVE-2021-4104.
Similar to industry users of Apache Log4j, NI has investigated to determine which products are affected by this. Maintaining the safety and security of all NI products and customer information remains our top priority. If more information on these vulnerabilities becomes available, we will conduct further investigation and report on affected products, mitigations, and/or patches on this advisory.
NI has completed investigation on the impact of these vulnerabilities on our products. If more information on these vulnerabilities becomes evident, we will conduct further investigation and release updates to the Affected Products table at that time.
If you are using NI products other than those explicitly listed below, no further action is required by you at this time.
|NI-STAR 700 (using APC PowerChute)||Apply mitigations or update to APC PowerChute Business Edition v10.0.5 or newer|
|OptimalPlus (Limited to deployments running Vertica, Cloudera, or Logstash)||Contact Technical Support|
CVE-2021-44228 – 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
At NI, we view the security of our products as an important part of our commitment to our customers. Go to ni.com/security to stay informed and act upon security alerts and issues.