Overview
You may need to know if GFI LanGuard can detect whether the log4j vulnerability affects third-party software or not.
Information
- LanGuard cannot determine if a vulnerability affects a single piece of software on its own; for example, it cannot scan the code to see if log4j is being utilized by an application.
- LanGuard relies on information provided by third-party software suppliers; after they determine if their product is affected by this vulnerability and deliver an update to address the vulnerability, LanGuard will make it available to the supported third-party applications.
- The Content Team adds relevant CVEs for supported applications to the vulnerabilities database and distributes them via the automatically scheduled program updates that occur twice a week, usually on Wednesday and Friday. This could be why they haven't shown yet, as the vulnerability was identified too soon to last week's scheduled program upgrades.
- However, a request has already been made to the Content Team to see if there is anything else they can do to speed up the process of updating LanGuard's vulnerability database. Please keep in mind that LanGuard relies on the provision of 3rd-party software information/patches to detect and remedy this issue.