Page 1 of 1

Log4j vulnerability

Posted: Mon Dec 13, 2021 9:43 am
by John
The search appliance is not affected by the log4j vulnerability CVE-2021-44228 (log4shell) that allows arbitrary code execution using jndi and ldap. No update is needed.

Re: Log4j vulnerability

Posted: Wed Dec 15, 2021 10:22 am
by mark
The search appliance is also not affected by the 2nd log4j vulnerability, CVE-2021-45046.

Re: Log4j vulnerability

Posted: Tue Dec 21, 2021 10:59 am
by mark
One more for the list. Thunderstone products are not vulnerable to CVE-2021-45105, uncontrolled recursion. No version of Thunderstone products are vulnerable to these as they don't use log4j2.