Would you like to be called free of charge by one of our advisors?

Our advisors are available from Monday to Friday at 9am to 12am and at 2pm to 6pm

Thank you, our adivisors will calling you.

 /

📢 New MFT Reporting

Discover the evaluation and ranking of all MFT software by IT professionals.

Learn more
Ask demo
fr / en /
Ask demo
fr / en /

Security Alert GoAnywhere MFT

par ESBD • 13 Dec 2021

 

🚨 MESSAGE 21/12/2021

Dear customers,

As promised, we will keep you updated on the evolution of the breaches.

A new operation as to be patched in order to correct the breach named CVE-2021-45105.

⬇ You will found the short description below :

Regarding CVE-2021-45105, Apache Log4j2 version 2.16 (included in the patch versions below) prevents evaluation of lookup patterns introduced outside of configuration; thus, customers only need to verify that the log4j2.xml configuration files located in the /config folder of their GoAnywhere products do not contain the vulnerable lookup pattern ${ctx:. The vulnerable lookup pattern is not included in the default logging configurations for GoAnywhere products.

Customers who previously manually updated their Log4j configuration files are advised to:

The above mitigation requires that customers upgraded to the patches announced December 17.

Thank you.

The ESBD Team

🚨 MESSAGE 17/12/2021

Dear customers,

We would like to follow up on our last emailing regarding the ‘Log4j2’ critical vulnerability published as CVE-2021-44228, and the breach published as CVE-2021-45046.

An update of the GoAnywhere patches are available.

This includes:

In addition, all patches that have been implemented should be removed and replaced with the new version incorporating Log4j2 v2.16 which fully fixes the 2 CVEs.

Patche Details

You can also find all the links and guides for updating GoAnywhere to your version below.

GoAnywhere updates

Our technical team thanks you for your patience and is at your disposal for assistance at the following email address support@esbd.eu.

Thank you,

ESBD Team

 

MESSAGE 14/12/2021

Dear customers,

On December 10 NIST published CVE-2021-44228 in response to the open-source Apache “Log4j2″ utility.

HelpSystems is actively monitoring this issue, investigating the potential impact on our products, and assembling the appropriate mitigations.

While the Log4j zero-day vulnerability does not appear to affect all Java versions, mitigation steps have been issued for GoAnywhere MFT.

For the latest guidance, please visit: https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps.

The mitigation steps for the following products are enumerated below, and can be applied to assure the exploitable code is avoided when running any version of Java.

If you have earlier versions of our GoAnywhere software, you will need to upgrade before applying the system property.

GoAnywhere MFT mitigation details

For more information on this vulnerability:  https://nvd.nist.gov/vuln/detail/CVE-2021-44228

If you need additional details or assistance, please contact support@esbd.eu

Thank you,

ESBD

Subscribe to the newsletter

Staying in touch

Thank you for subscribing to our newsletter.