The CyberCNS scanner checks whether any process is using the Java Log4j jar and also checks all the related configured parameters before marking it as vulnerable to CVE-2021-44228.

CyberCNS detects Log4j vulnerabilities by examining the Java processes running on the system and validating whether each process uses the Log4j component. If a process uses Log4j components, the system checks whether certain global environment variables are set and which JVM options were provided for that process. After considering all of this, if any process matches the vulnerability criteria, CyberCNS marks it as vulnerable.
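The decision flow described above, as an added example that is not CyberCNS code. The page does not name the environment variables or JVM options it checks, so the `LOG4J_FORMAT_MSG_NO_LOOKUPS` variable and `-Dlog4j2.formatMsgNoLookups=true` option from the Log4j advisory for CVE-2021-44228 are assumed here, and the process-record fields (`cmdline`, `env`, `jars`) and status strings are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Assumed settings (Log4j advisory for CVE-2021-44228); not taken from CyberCNS.
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?")
FLAG = "-Dlog4j2.formatMsgNoLookups=true"
ENV_VAR = "LOG4J_FORMAT_MSG_NO_LOOKUPS"

def core_version(jars):
    """Return (major, minor, patch) of the first log4j-core jar, or None."""
    for jar in jars:
        m = JAR_RE.search(PurePosixPath(jar).name)
        if m:
            return tuple(int(g or 0) for g in m.groups())
    return None

def affected(v):
    """2.0-beta9 to 2.14.1, minus the 2.3.1+ and 2.12.2+ backport releases."""
    if not (2, 0, 0) <= v <= (2, 14, 1):
        return False
    backport = (v[:2] == (2, 3) and v >= (2, 3, 1)) or (v[:2] == (2, 12) and v >= (2, 12, 2))
    return not backport

def assess(proc):
    """Classify one process record (hypothetical fields: cmdline, env, jars)."""
    if PurePosixPath(proc["cmdline"][0]).name != "java":
        return "not-java"
    v = core_version(proc["jars"])
    if v is None:
        return "no-log4j"
    if not affected(v):
        return "not-affected"
    opts = proc["cmdline"] + proc["env"].get("JAVA_TOOL_OPTIONS", "").split()
    flagged = FLAG in opts or proc["env"].get(ENV_VAR, "").lower() == "true"
    # The lookup switch is only honoured by Log4j 2.10.0 and later.
    if flagged and v >= (2, 10, 0):
        return "lookups-disabled"
    return "vulnerable"

# Constructed sample process records (Linux-style paths), not real scan data.
SAMPLES = [
    {"cmdline": ["/usr/bin/java", "-jar", "app.jar"], "env": {}, "jars": ["/opt/app/lib/log4j-core-2.14.1.jar"]},
    {"cmdline": ["/usr/bin/java", FLAG, "-jar", "app.jar"], "env": {}, "jars": ["/opt/app/lib/log4j-core-2.8.2.jar"]},
    {"cmdline": ["/usr/bin/java", "-jar", "app.jar"], "env": {ENV_VAR: "true"}, "jars": ["/opt/app/lib/log4j-core-2.13.3.jar"]},
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(assess(p), p["jars"])
```

The second sample stays `vulnerable` even with the option set, because releases before 2.10.0 ignore it.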

Once the authenticated vulnerability scan has completed successfully, the results are shown in the dashboard under Log4shell Vulnerability Analysis at Company Level and at Global Level.

...

  • CyberCNS external scans check open ports for Log4j. If a port is found vulnerable to Log4j, an email is sent to the email ID configured under CyberCNS settings.

  • Please note that only an external scan result with a Log4j vulnerability will trigger an email notification.

...

  • There are three modes of Log4j detection. The one on the dashboard is a deep scan to find Log4j instances in any of the machines.

  • However, in the case of VMware, there is no access to the vCenter filesystem to find out if the system is vulnerable. So we are doing a version-based detection of the Log4j vulnerability, and that shows under the internal report of Vulnerabilities.

...