Aruba normally issues
security advisories for vulnerabilities that are present, but not for those that do not affect Aruba products.
If you need an authoritative answer, please contact TAC, but I have seen answers in the line that after investigations by the internal security and product teams there are no indications that the log4j vulnerability affects any Aruba product.I'll try to update this post if at some point official communication appears, but for now, reaching out to TAC is the way to get an official statement.Just got the official statement for the Aruba SIRT:
After investigating with the product teams and performing different tests in the Aruba products, Aruba SIRT has determined that no Aruba product is vulnerable to CVE-2021-44228.
Should anything change, a Security Advisory will be published on https://www.arubanetworks.com/support-services/security-bulletins
UPDATE: Bulletin posted:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Dec 13, 2021 01:49 AM
From: Unknown User
Subject: status products affected by log4j (CVE-2021-44228) vulnerability?
perhaps im not looking where i should but im not finding any information on which products are and aren't affected by the log4j vulnerability.
has anyone heard something or have a link to share?