• EN

CVE-2021-44228 Apache Log4j Vulnerability in Apache Software Foundation - Base score - 10

Link State
Userlevel 7
Badge +8

Hello everyone ,
this post to report a serious new vulnerability inherent in log4j on Apache category 10. score.

 

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

 https://nvd.nist.gov/vuln/detail/CVE-2021-44228

 

 

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104 - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)

11 comments

Madi.Cristil
Userlevel 7
Badge +7

Thank you for sharing this, @Link State !

Madi Cristil
vSyntaxError
Userlevel 5
Badge +2

This vulnerability has been fixed more than one year ago and exists more than a year. What is new here? 

Madi.Cristil
Userlevel 7
Badge +7

Maybe @Link State wanted to share a different link in here, @vSyntaxError ? It seems like the link is from an old vulnerability...

Madi Cristil
Link State
Userlevel 7
Badge +8

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

 

 

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104 - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
vSyntaxError
Userlevel 5
Badge +2

Nothing NetApp related for this update

Link State
Userlevel 7
Badge +8

Nothing NetApp related for this update

yep sorry only related Apache Software Foundation

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104 - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
Link State
Userlevel 7
Badge +8

@Madi.Cristil  can change title  CVE-2021-44228 Apache Log4j Vulnerability in Apache Software Foundation

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104 - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
Madi.Cristil
Userlevel 7
Badge +7

Nothing NetApp related for this update

yep sorry only related Apache Software Foundation

@Link State , can you please edit your article in such away that it is not confusing for our members? 

Madi Cristil
Link State
Userlevel 7
Badge +8

@Madi.Cristil   done sorry for mistake

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104 - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
Chris.Childerhose
Userlevel 7
Badge +20

Thanks for sharing.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
Madi.Cristil
Userlevel 7
Badge +7

@Madi.Cristil   done sorry for mistake

Thank you , @Link State !

Madi Cristil

Comment


Terms & Conditions