Customer Advisory


Important information concerning Virtalis Reach and CVE-2021-44228 Log4j

You are receiving this email because you currently subscribe to or are evaluating Virtalis Reach.

A critical security vulnerability, CVE-2021-44228 (Log4j), has been identified in a common third-party software component which is used by Virtalis Reach. This security vulnerability may, in some circumstances, enable a remote attacker to execute arbitrary code within the containers on your Virtalis Reach server.

The scope of any unauthorized activity will be limited by the Kubernetes network policy for Virtalis Reach and by the strict access controls, which are not affected. Nevertheless, Virtalis consider this vulnerability to be critical and in need of urgent attention.

Required action

You should install or upgrade your installation to 2021.5.

If you are installing Virtalis Reach for the first time at version 2021.5, then you should follow the steps in the setup and configuration guide only.

www.virtalis.com/chapter/deploying-virtalis-reach-on-a-kubernetes-cluster

If you are upgrading to version 2021.5 from a previous release, then you should follow the upgrade instructions:

Upgrading Virtalis Reach from Version 2021.4.0 to 2021.5.0 | Virtalis Reach Help

If you have deployed the monitoring stack then you should upgrade it by following the "Set up the deployment shell" and "Installing Elasticsearch, Kibana, Filebeat" sections in the "Deploying The Monitoring Service Stack" guide.

Deploying The Virtalis Reach Monitoring Service Stack | Virtalis Reach Help

If you have Logstash installed, but are not using it for any other service, then it can be uninstalled without impacting your Virtalis Reach installation.

Otherwise you should disable it, or update Logstash to v7.16.1.

To disable Logstash:


To update Logstash:

Logstash will no longer be installed with Virtalis Reach, so if you still require it you must manually install future updates to this service.

More information

Detailed information regarding CVE-2021-44228 can be found here:

NVD - CVE-2021-44228

If you have questions please contact Virtalis Support.
