The search appliance is not affected by the log4j vulnerability CVE-2021-44228 (log4shell) that allows arbitrary code execution using jndi and ldap. No update is needed.
Log4j vulnerability
-
John
- Site Admin
- Posts: 2623
- Joined: Mon Apr 24, 2000 3:18 pm
- Location: Cleveland, OH
-
mark
- Site Admin
- Posts: 5519
- Joined: Tue Apr 25, 2000 6:56 pm
Re: Log4j vulnerability
The search appliance is also not affected by the 2nd log4j vulnerability, CVE-2021-45046.
-
mark
- Site Admin
- Posts: 5519
- Joined: Tue Apr 25, 2000 6:56 pm
Re: Log4j vulnerability
One more for the list. Thunderstone products are not vulnerable to CVE-2021-45105, uncontrolled recursion. No version of Thunderstone products are vulnerable to these as they don't use log4j2.