DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

DigiCert Log4J Response

Solution ID : AL141221034144
Last Modified : 10/21/2023

Description

DigiCert is aware of the zero-day exploit affecting the Apache Log4j utility. We continue to analyze the vulnerabilities related to Apache Log4j disclosed on December 9, 2021. At this time, we are not aware of any impact to our services and all services continue to operate as expected.  

To keep your DigiCert services secure, our dedicated team of security professionals continues to monitor the overall impact of the Log4j remote-code execution vulnerabilities (CVE-2021-45046, CVE-2021-44228, CVE-2021-45105, and CVE-2021-44832). We will provide new information as it becomes available.

Services status

CertCentral

Services

Impacted/Not affected

Patch status

Notes

CertCentral API

Not affected

Not applicable

CertCentral console

Not affected

Not applicable

Automation: DigiCert Automation Agent

Not affected

Not applicable

Discovery and Automation: On-premises sensor

Impacted

Patched to Apache Log4j 2.16.0 on December 15, 2021

Patched to Apache Log4j 2.17.0 on December 20, 2021

Discovery and Automation: CertCentral public scan

Not affected

Not applicable

Discovery and Automation:
CertCentral-Discovery as a Service

Not affected

Not applicable

ACME

Not affected

Not applicable

DigiCert Site Seal

Services

Impacted/Not affected

Patch status

Notes

Site Seal

Not affected

Not applicable

Certificate Issuing Service (CIS)

Services

Impacted/Not affected

Patch status

Notes

CIS

Impacted

Patched to Apache Log4j 2.15.0 on December 10, 2021

Patched to Apache Log4j 2.16.0 on December 14, 2021

Patched to Apache Log4j 2.17.0 on December 20, 2021

Code Signing Timestamp Service

Services

Impacted/Not affected

Patch status

Notes

Code Signing Timestamp Service

Not affected

Not applicable

Online Certificate Status Protocol (OCSP)

Services

Impacted/Not affected

Patch status

Notes

OCSP

Not affected

Not applicable

Certificate Revocation List (CRL)

Services

Impacted/Not affected

Patch status

Notes

CRL

Not affected

Not applicable

digicert.com

Services

Impacted/Not affected

Patch status

Notes

Website

Not affected

Not applicable

Managed PKI (User Authentication)

Services

Impacted/Not affected

Patch status

Notes

PKI Platform 8

Not affected

Not applicable

PKI Platform 8:

Enterprise Gateway

Not affected

Not applicable

PKI Platform 8:

Auto Enrollment Server

Not affected

Not applicable

PKI Platform 8:

Local Key Management Server (LKMS)

Not affected

See Notes.

Not applicable

However, the LKMS package does ship with Log4j v2.8.2, but it is NOT used by the LKMS server code.

If you want to remove this, see our knowledgebase article

PKI Platform 8:

PKI Client

Not affected

Not applicable

PKI Platform 8:

InTune Import Tool

Not affected

Not applicable

PKI Platform 8:

Enrollment over Secure Transport (EST) Client

Not affected

Not applicable

PKI Platform 8:

Simple Certificate Enrollment Protocol (SCEP) Client

Not affected

Not applicable

PKI Platform 8:

DigiCert Desktop Client

Not affected

See Notes.

Not applicable

DigiCert Desktop Client is not affected. However, make sure you are running one of the two latest releases: 3.3.0 or 3.2.1.

The new version can be downloaded here:  DigiCert Desktop Client

PKI Platform 8:

Bulk Export Tool

Not affected

Not applicable

PKI Platform 8:

Enrollment over Secure Transport (EST) Proxy Server

Not affected

Not applicable

PKI Platform 8:

Simple Certificate Enrollment Protocol (SCEP) Proxy Server

Not affected

Not applicable

PKI Platform 7

Not affected

Not applicable

PKI Platform 7 (Japan)

Not affected

Not applicable

CI Plus Platform

Impacted

Patched to Apache Log4j 2.16.0 on December 15, 2021

Patched to Apache Log4j 2.17.0 on December 21, 2021

Online Certificate Status Protocol (OCSP)

Not affected

Not applicable

Certificate Revocation List (CRL)

Not affected

Not applicable

Direct Cert Portal

Services

Impacted/Not affected

Patch status

Notes

Direct Cert Portal API

Not affected

Not applicable

Direct Cert Portal Console

Not affected

Not applicable

DigiCert ONE

Services

Impacted/Not affected

Patch status

Notes

Account Manager

Not affected

Not applicable

CA Manager

Not affected

Not applicable

DigiCert® Trust Lifecycle Manager

Not affected

Not applicable

DigiCert® IoT Trust Manager

Not affected

Not applicable

DigiCert® Software Trust Manager

Not affected

Not applicable

DigiCert® Document Trust Manager

Not affected

Not applicable

Automation Manager

Not affected

Not applicable

Automation Manager, on-premises sensor

Impacted

Patched to Apache Log4j 2.16.0 on December 15, 2021

Patched to Apache Log4j 2.17.0 on December 20, 2021

DigiCert ONE Japan

Services

Impacted/Not affected

Patch status

Notes

Account Manager

Not affected

Not applicable

CA

Not affected

Not applicable

Enterprise PKI Manager

Not affected

Not applicable

IoT Device Manager

Not affected

Not applicable

Secure Software Manager

Not affected

Not applicable

Document Signing Manager

Not affected

Not applicable

Enterprise

Services

Impacted/Not affected

Patch status

Notes

API VICE2

Not affected

Not applicable

DigiCert Gatekeeper Service

Services

Impacted/Not affected

Patch status

Notes

GateKeeper

Not affected

Not applicable

QuoVadis

Services

Impacted/Not affected

Patch status

Notes

DSS-Engine Production

Not affected

Not applicable

DSS-Engine Staging

Not affected

Not applicable

Trust/Link

Not affected

Not applicable

SealSign Cloud Production

Not affected

Not applicable

SealSign Cloud Staging

Not affected

Not applicable

QVSS (QuoVadis Signing Service)

Not affected

Not applicable

QuoVadis Qualified Timestamps

Not affected

Not applicable

QuoVadis website Netherlands

Not affected

Not applicable

QuoVadis NOVA System

Not affected

Not applicable

TL/C Demo

Not affected

Not applicable

TL/C Prod

Not affected

Not applicable

PERSS

Not affected

Not applicable

SixTerravis

Not affected

Not applicable

Primosign

Not affected

Not applicable

QuoVadis IDP

Not affected

Not applicable

If you discover your systems are affected by log4j, DigiCert recommends that you create new keys, request replacement certificates, and revoke any impacted certificates from the compromised systems.

For further questions, contact DigiCert Support.