The Tenable research team is working around the clock to bring you the latest information on CVE-2021-44228 and how attackers are taking advantage of the flaw.
Webinar: Vulnerability Alert - Responding to Log4Shell in Apache Log4j
Webinar: Join these live how-to sessions
- Blog | One in 10 Assets Assessed Are Vulnerable to Log4Shell
- Blog | CVE-2021-44228, CVE-2021-45046, CVE-2021-4104: Frequently Asked Questions About Log4Shell and Associated Vulnerabilities
- Blog | CVE-2021-44228: Proof-of-Concept for Critical Apache Log4j Remote Code Execution Vulnerability Available (Log4Shell)
- Blog | Apache Log4j Flaw Puts Third-Party Software in the Spotlight
- Blog | Log4Shell: 5 Steps The OT Community Should Take Right Now
- KB | Latest Plugins Associated with Log4Shell
- KB | Log4Shell Frequently Asked Questions
- KB | Using plugin 155998 from Tenable Core + Nessus
- KB | Overview of Callbacks in Log4Shell Remote Detection Plugins
- KB | Tenable Log4Shell Scan Templates Overview
- KB | Detailed information on the six NASL plugins and one WAS plugin to detect Log4Shock
- KB | Overview of callbacks in Log4j Remote Detection Plugins
Find out the latest guidance on how to leverage Tenable’s full portfolio, from Nessus Essentials to Tenable.io, to identify where you are vulnerable to Log4Shell.
- Video | Using Tenable.io to detect CVE-2021-44228
- Video | Using Tenable.sc to detect CVE-2021-44228
- Video | Using Tenable Web-App Security to detect CVE-2021-44228
- Video | Using Nessus to detect CVE-2021-44228
- Video | Discovering Log4Shell (CVE-2021-44228) vulnerabilities: Tenable.ot
- Community | Visit the Log4Shell group on the Tenable community to find further resources on how to secure every attack path against attackers leveraging CVE-2021-44228
Statement Regarding Log4jBob Huber, CISO Tenable
Some of you have asked whether Tenable is vulnerable to the Apache Log4j Remote Code Execution Vulnerability. No, none of Tenable’s products are running the version of Log4j vulnerable to CVE-2021-44228 or CVE-2021-45046 at this time.
Consistent with our cybersecurity practices, we have actioned all indicators of compromise, artifacts and updated our detections and protections related to this activity. In addition, we are closely monitoring our own software development practices.
Furthermore, the security and availability of our systems, products and customer and partner data are of the utmost importance to us. Tenable has implemented a robust information security management system with a specific focus on providing secure products and services for employees, customers and partners.
As part of our secure software development lifecycle (SSDLC) and quality processes, Tenable performs peer code reviews of all source code, static application security testing, dynamic application security testing, container security scans, third party dependency reviews and vulnerability scans.
We remain deeply committed to the security and protection of our customers, our products and the broader community.