Wednesday, 15 December 2021 22:20

Apache Log4j2 vulnerability and Citrix

As you most likely know, Apache Log4j, the open source Apache logging library, also known as Log4Shell, has a highly critical zero‑day vulnerability as described in CVE-2021-44228. It comes with a severity score of 10 out of 10. The fix provided for it earlier in the respective CVE, appeared to be incomplete and a second one is being provided since, in CVE-2021-45046.

To make things clear: GripMatix Management Packs are not affected , as we do not use Apache Log4j.

Citrix Virtual Apps and Desktops, License Server, StoreFront, Provisioning Server and Application Delivery Controller products are not affected either. However, the latter could help mitigate the vulnerability.

For any questions regarding the impact of the Log4j vulnerability related to your Citrix products you could go to the Citrix Support Forum or Citrix Knowledge Center.

We believe in no-nonsense tooling to help organizations
leveraging the quality of their IT infrastructure and applications to
improve Business Continuity and Performance to the limits.