CVE-2021-44228: Mitigation GoAnywhere MFT

Dear customers,

On December 10 NIST published CVE-2021-44228 in response to the open-source Apache “Log4j2″ utility.

HelpSystems is actively monitoring this issue, investigating the potential impact on our products, and assembling the appropriate mitigations.

While the Log4j zero-day vulnerability does not appear to affect all Java versions, mitigation steps have been issued for GoAnywhere MFT.

For the latest guidance, please visit: https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps.

The mitigation steps for the following products are enumerated below, and can be applied to assure the exploitable code is avoided when running any version of Java.

If you have earlier versions of our GoAnywhere software, you will need to upgrade before applying the system property.

• GoAnywhere MFT version 5.7.0 or later.
• GoAnywhere Gateway version 2.7.0 or later.
• GoAnywhere MFT Agents 1.4.2 or later.

For more information on this vulnerability:  https://nvd.nist.gov/vuln/detail/CVE-2021-44228

If you need additional details or assistance, please contact your local support.

Thank you