Is GroundWork Monitor affected by CVE-2021-44228? GroundWork routinely scans released and supported versions for critical vulnerabilities.
For example, on Friday, December 10th, 2021 we scanned GroundWork Monitor Enterprise Edition (EE) versions 8.2.0 and 8.2.1 for the Log4Shell CVE-2021-44228 zero-day vulnerability. On Monday, December 13th, 2021 we also scanned versions 7.2.1, 8.1.3, 8.2.0 and 8.2.1 using updated signatures that came out over the weekend. Our engineers also hand-reviewed the systems to see if any known exploitable configurations exist. The results indicate that GroundWork Monitor (EE) 7.2.1 is not vulnerable. While there is a vulnerable version of log4j 2.11.1 in a few containers in version 8.x, there is no opportunity to exploit it remotely. So no action is needed to secure any supported GroundWork Monitor system for this vulnerability.
Our engineers have provided a set of recommended actions to take nonetheless. If you are the cautious type, and you have the time to remove the code that is technically vulnerable and may raise alerts on security scanning systems, you can do one of the following:
If you have GroundWork Monitor (EE) 8.1.3 or 8.2.0, we recommend upgrading to 8.2.1 and selecting not to run Elasticsearch, Logstash, and Curator.
If you have GroundWork Monitor (EE) 8.2.1 and are running Elasticsearch, Logstash and Kibana, replace your docker-compose.yml file with a version that disables these optional containers. GroundWork Support can provide such a replacement on request.
If you have GroundWork Monitor (EE) 7.2.1, while it will not affect this vulnerability, we recommend migrating to 8.2.1 and selecting not to run Elasticsearch, Logstash, and Curator regardless.
Announcing our latest version GroundWork Monitor Enterprise Edition (EE), 8.2.1, now available for download, offering several enhancements and two additions to the suite of TCG connectors
The GroundWork Team is proud to announce a new update to GroundWork Monitor, version 8. This is the GroundWork Monitor Enterprise Edition (EE) 8.2.1, and will be the last version for the year. We are adding features that you, our loyal customers, asked for, and one or two that we thought you would like in the future. Also, we are rolling all the patch levels we released for version 8.2.0 up into this release as well.
GroundWork Desk powered by Invicta Software, is a help desk ticketing system now available for GroundWork Monitor Enterprise.
GroundWork Desk for Help Desk ticketing. GroundWork Monitor does monitoring and alerting, but this is only part of what you need to run an IT shop. Engineers, DevOps, and technicians all need to know they are always working on the most important things, without having to think about the relative priority of a given task. That’s why we are adding GroundWork Desk to GroundWork Monitor Enterprise.
GroundWork Desk (powered by Invicta Software) is a help desk ticketing system, closely integrated with GroundWork Monitor. If GroundWork can monitor it, you can get a ticket on it when it needs attention. This new product makes the need for expensive and complex integrations with other help desk products obsolete – just use GroundWork Desk!
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.