Statement from Stamus Networks regarding the recent Log4j 2 vulnerability
On December 10, 2021, NIST published a Common Vulnerabilities and Exposure (CVE) alert identifying a new zero day in the Java logging library Apache Log4j which can result in full server takeover. This critical alert - CVE-2021-44228 - applies to Java applications that use this library.
You may read more in these online resources:
Stamus Networks does not use this library in any of its proprietary software systems. However it is used by several components of the ELK stack (Elasticsearch, Logstash and Kibana) which are embedded in our Stamus ND, Stamus NDR, and Stamus Probe Management systems.
The developers of the ELK stack, Elastic, have determined that Logstash and Elasticsearch do indeed contain this vulnerability, and they have identified a fix.
Our research team has reviewed the available literature, evaluated our software architecture, and consulted with our software partners, including Elastic.
We have concluded that there is very little risk of an exploit in the components we know to be vulnerable, Logstash and Elasticsearch. However, out of an abundance of caution we developed a patch for Stamus ND/NDR that fixes the vulnerability in the currently embedded version of Logstash (6.8.10) and Elasticsearch (6.8.10).
And we have notified our customers of its availability.
If you have any questions please feel free to contact us: support@stamus-networks.com
ABOUT STAMUS NETWORKS
Stamus Networks is the global leader in Suricata-based network security and the creator of the innovative Clear NDR™ system. Designed to close visibility gaps and reduce alert fatigue, Clear NDR transforms raw network traffic into actionable security insights with unmatched transparency, customization, and effectiveness. Trusted by leading financial institutions, government agencies, and participants in NATO’s largest cybersecurity exercises, Stamus Networks delivers proven, high-performance network detection and response solutions. Stamus empowers security teams – delivering clarity amidst complexity – with greater control, fewer false positives, faster response times, and a more responsive, open approach than legacy vendors.
© 2014-2025 Stamus Networks, Inc. All rights Reserved.