December 15, 2021

An update on the impact of the Apache Log4j CVE-2021-44228 vulnerability on Samsung Knox cloud services

Samsung Knox News

On December 9th, the Apache Software Foundation announced that Log4j, a popular open-source logging framework for Java, was discovered to contain a remote code execution (RCE) vulnerability identified as CVE-2021-44228, named Log4Shell. This is an industry-wide vulnerability that requires attention across your entire software environment, not just for Samsung Knox cloud services.

Log4Shell allows an attacker to execute arbitrary code by remotely causing services and systems to log messages that carry command payloads, bypassing network security controls. The Samsung Knox team treats this issue with critical importance. To summarize the assessment of CVE-2021-44228 and CVE-2021-45046 on Samsung Knox cloud services:

Vulnerability found & fixed: 

  • Knox Reseller Portal - Fixed Dec 14, 2021
  • Knox Manage - Fixed Dec 13, 2021

No vulnerability found:

  • Knox Admin Portal
  • Knox Mobile Enrollment
  • Knox Configure
  • Knox Asset Intelligence
  • Knox E-FOTA One 
  • Knox Managed Services Provider (MSP)
  • Knox Guard
  • Knox License Management 

As of December 14th, both CVE-2021-44228 and CVE-2021-45046 have been mitigated with the recommended fix provided by the Apache Software Foundation. This fix has been deployed on the Knox Reseller Portal and Knox Manage, the two affected Knox cloud services. 

We will continue assessing and neutralizing any potential further risk to ensure the security of our Knox cloud services, your data, and your systems.

The Samsung Knox team
