Why is RHV-M not vulnerable to the Log4Shell vulnerability?
Issue
- CVE-2021-44228 documents a critical vulnerability with
log4j 2.x.
- CVE-2021-4104 documents a moderate vulnerability with
log4j 1.x.
- RHV-M systems install various versions and components of
log4j 1.x.
Audit scans may flag these as vulnerable.
Environment
- Red Hat Virtualization Manager (RHV-M) 4.x.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.