This week, we saw the announcement of a security issue related to the open-source Apache Java logging library "Log4j". This vulnerability could potentially allow unauthorised access to any systems running the common Java-based logging software.

For our customers using Supermicro hardware, we have been advised that the only impacted application is Supermicro Power Manager (SPM).

We urge these customers to update Log4j 2 in the affected product (SPM) to version 2.17.0 in order to mitigate any risks. More information can be found here: https://www.supermicro.com/en/support/security/Apache_log4j2

Supermicro will also release an update to SPM version 1.11.1. For SPM (remote management software), a validation test is being performed with high priority in order to release the update ASAP. The current workaround is for IT administrators to use IP whitelisting to control and limit access to SPM.

For our customers using Gigabyte hardware, two products have been flagged as requiring updates: GSM Server and GSM Agent. The relevant software patches and more information can be found here: https://www.gigabyte.com/Support/Security/1963

We will continue monitoring the situation and provide any updates as they become available. If you need additional details or assistance, please get in touch.

 

 
