Cloud Platform
Support
Contact us

We Are Here To Help

Please find below up-to-date information, resources, and assistance on how to get a handle on the Log4Shell vulnerability

Latest Updates

January 14, 2022 3:00 PM ET

December 29, 2021 3:00 PM ET

  • New QIDs to address CVE-2021-44832 were released on December 29, 2021, at 3 PM ET with VULNSIGS-2.5.366-2 or later. Please review Qualys KB for CVE-2021-44832 to find all QIDs for this CVE.

December 22, 2021 7:53 PM ET

  • A bug in external scanners could result in false negatives when unauthenticated Log4Shell scans were run with external scanners. This issue is now resolved, and the fix will be rolled out by 11 PM ET today.

December 22, 2021 5:55 AM ET

  • Added information about new rule and dashboard in CSAM to quickly figure out the vulnerable software and hosts.

December 20, 2021 1:00 PM ET

  • Qualys is aware of false negatives for QID 376160, 376195 and 376193. They read the file generated by the Qualys Log4j Scan Utility and the signatures for addressing them are released at 1 PM ET on Dec 20th. They are part of VULNSIGS-2.5.359-3 or later.

December 18, 2021 9:00 PM ET

  • Two new QIDs (376194, 376195) to address CVE-2021-45105 (Log4j < 2.17) were released at 9 PM ET on Dec 18th. They are part of VULNSIGS-2.5.357-9 or later.

View all updates

More Qualys applications to help security teams protect, detect and respond to Log4Shell exploits

CyberSecurity Asset Management

Find and manage cybersecurity risks in IT assets. Qualys CSAM continuously inventories assets, applies business criticality and risk context, detects security gaps, and responds with appropriate actions to mitigate risk.

Learn more

Endpoint Detection and Response

Accurately detect and respond to attacks across all endpoints. Qualys Multi-Vector EDR brings a new multi-vector approach to EDR, providing vital context and full visibility into the entire attack chain – from prevention to detection to response.

Learn more

Patch Management

Streamline and accelerate vulnerability remediation for all your IT assets. Qualys Patch Management automatically correlates vulnerabilities to patch deployments so you can remediate quickly, proactively, and consistently.

Learn more

Qualys Cloud Platform Status

We are continuously monitoring all our environments for any indication of active threats and exploits. With these measures, we are confident that necessary mitigations and remediation are in place to block and prevent any exploits of Log4j RCE and there is no impact on Qualys scanners, Cloud Agent, systems or customer data. We will continue to monitor our environment round the clock and implement additional measures as required.