Impact of CVE-2021-44228 Apache Log4j Vulnerability - CVE-2021-45105 and CVE-2021-4104 (4259492)

Converse agora com nosso suporte

Voltar

Feedback enviado

Este artigo resolveu um problema para você?

Selecione a classificação

Título

Impact of CVE-2021-44228 Apache Log4j Vulnerability - CVE-2021-45105 and CVE-2021-4104
Descrição

A critical vulnerability was recently discovered related to systems/software that run Apache Log4j versions 2.0-beta9 through 2.12.1 and 2.13 through 2.15.

More information about this vulnerability can be found here: National Vulnerability database - CVE-2021-44228 (nist.gov)

Additional CVE's have been discovered;

National Vulnerability Database - CVE-2021-4104 (nist.gov)

National Vulnerability Database - CVE-2021-45105 (nist.gov)
Causa

This is an industry-wide vulnerability affecting the Apache Log4j itself and is not specific to Syslog-NG PE
Resolução

Syslog-NG PE does not use the affected versions of Apache Log4j, therefore is not affected by CVE-2021-44228, CVE-2021-4104, CVE-2021-45015

Note that version 7.0.30 of syslog-NG PE has version 2.17.2 of log4j; from the 7.0.30 Release Notes:

"Log4j upgraded to 2.17.2 Issue ID SYSLOGDEV-6263"

Feedback enviado

Este artigo resolveu um problema para você?

Selecione a classificação

Conteúdo recomendado

Produto(s):: syslog-ng Premium Edition
7.0.33, 7.0.32, 7.0.31, 7.0.30, 7.0.29, 7.0.28, 7.0.27, 7.0.26, 7.0.25, 7.0.20, 6.0.22, 6.0.21

Histórico do artigo:: Criado em: 12/13/2021
Última atualização em: 12/7/2023

Título