Knowledge Base

Scenario

DigiCert sensors included a version of Apache Log4j identified in the Log4j zero-day exploit.

Solution

We recommend updating your sensors to version 3.8.45 immediately. DigiCert sensor version 3.8.46 includes the latest patched version of Log4j 2.17.1.

Check your sensors

1. In CertCentral, in the left main menu, go to Discovery > Manage Discovery.
2. On the Manage scans page, in the Add sensor dropdown, select Manage sensors.
3. On the Manage sensors page, use the Version column in the table to check the version of your sensors*.

*Note: Check all sensors, including those set to auto-update, and verify the update was successful. If a sensor was offline or unreachable, the auto-update might have failed to update the sensor.

Update your sensors

For sensors set to update manually or failed to auto-update, manually update these sensors to 3.8.46

See our Update a sensor instructions.

Deprecated Open Virtualization Alliance (OVA) sensor

We discontinued support for OVA in January 2021. If you are using a DigiCert OVA sensor, you cannot update your OVA sensor to version 3.8.46.

Because you are unable to update your OVA sensor, we recommend doing the following tasks immediately:

• Void affected sensors
• Uninstall affected sensors

To continue to use Discovery and Automation, you need to install a new sensor on the most recent version of a supported Windows, Linux, or Docker operating system. See the Install a sensor instructions.