Skip to main content

CVE-2021-44228 Apache Log4j Vulnerability in Apache Software Foundation - Base score - 10

Link State
Forum|alt.badge.img+11

Hello everyone ,
this post to report a serious new vulnerability inherent in log4j on Apache category 10. score.

 

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

 https://nvd.nist.gov/vuln/detail/CVE-2021-44228

 

 

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)

11 comments

Madi.Cristil
Forum|alt.badge.img+8
  • Madi.Cristil
  • Community Manager
  • 617 comments
  • April 4, 2023

Thank you for sharing this, @Link State !

Madi Cristil
Chris.Childerhose
Link State
Iams3le
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
  • Iams3le
    Iams3le
vSyntaxError
Forum|alt.badge.img+2

This vulnerability has been fixed more than one year ago and exists more than a year. What is new here? 

Chris.Childerhose
Link State
Madi.Cristil
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
  • Madi.Cristil
    Madi.Cristil
Madi.Cristil
Forum|alt.badge.img+8
  • Madi.Cristil
  • Community Manager
  • 617 comments
  • April 4, 2023

Maybe @Link State wanted to share a different link in here, @vSyntaxError ? It seems like the link is from an old vulnerability...

Madi Cristil
Chris.Childerhose
Link State
Iams3le
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
  • Iams3le
    Iams3le
Link State
Forum|alt.badge.img+11
  • Link State
  • Author
  • Veeam Legend
  • 612 comments
  • April 4, 2023

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

 

 

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
Chris.Childerhose
Iams3le
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Iams3le
    Iams3le
vSyntaxError
Forum|alt.badge.img+2

Nothing NetApp related for this update

Chris.Childerhose
Link State
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
Link State
Forum|alt.badge.img+11
  • Link State
  • Author
  • Veeam Legend
  • 612 comments
  • April 4, 2023
vSyntaxError wrote:

Nothing NetApp related for this update

yep sorry only related Apache Software Foundation

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
Chris.Childerhose
Link State
Madi.Cristil
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
  • Madi.Cristil
    Madi.Cristil
Link State
Forum|alt.badge.img+11
  • Link State
  • Author
  • Veeam Legend
  • 612 comments
  • April 4, 2023

@Madi.Cristil  can change title  CVE-2021-44228 Apache Log4j Vulnerability in Apache Software Foundation

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
Chris.Childerhose
Link State
Madi.Cristil
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
  • Madi.Cristil
    Madi.Cristil
Madi.Cristil
Forum|alt.badge.img+8
  • Madi.Cristil
  • Community Manager
  • 617 comments
  • April 4, 2023
Link State wrote:
vSyntaxError wrote:

Nothing NetApp related for this update

yep sorry only related Apache Software Foundation

@Link State , can you please edit your article in such away that it is not confusing for our members? 

Madi Cristil
Chris.Childerhose
Link State
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
Link State
Forum|alt.badge.img+11
  • Link State
  • Author
  • Veeam Legend
  • 612 comments
  • April 4, 2023

@Madi.Cristil   done sorry for mistake

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
Chris.Childerhose
Link State
Madi.Cristil
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
  • Madi.Cristil
    Madi.Cristil
Chris.Childerhose
Forum|alt.badge.img+21

Thanks for sharing.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
Link State
1 person likes this
  • Link State
    Link State
Madi.Cristil
Forum|alt.badge.img+8
  • Madi.Cristil
  • Community Manager
  • 617 comments
  • April 4, 2023
Link State wrote:

@Madi.Cristil   done sorry for mistake

Thank you , @Link State !

Madi Cristil
Chris.Childerhose
Link State
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State

Comment


Terms & Conditions