The Apache Community has identified multiple exploits in log4j v2.x, which is a logging library. At present, the community has reported the following critical- and high-severity events:

- CVE-2021-44228 (Critical) Risk Type: Remote Code Execution - 12/6
- CVE-2021-45046 (Critical) Risk Type: Remote Code Execution - 12/14
- CVE-2021-45105 (High) Risk Type: Denial of Service - 12/18

More details can be found on the links above, as well as on Apache’s security page here.

So what does this mean for EDB?

**EDB tools using log4j**

The following tools are known to be using ANY version of log4j:

\*MTK makes use of log4j 1.2, and xDB uses MTK as part of its codebase. The CVE only mentions versions 2.x of the log4j library, but there were concerns that version 1.x would also be affected. Investigations from EDB developers have concluded that the current exploits do not affect xDB and MTK. In order for log4j 1.x to be impacted by CVE-2021-44228 it would need to have log4j.properties using the following two parameters:

MTK does _NOT_ use these parameters, so MTK is _NOT_ impacted by this exploit. MTK is in the process of testing an update to its packages using log4j v2.17, which will eliminate the three risks noted above.

**Mitigation**

EDB's supported remediation is delivered in EFM 4.3, which is now available for download.

Alternate steps for mitigation vary based on the CVE.

CVE-2021-44228 can be mitigated in either of the following ways: