Am I affected by CVE-2021-44228?
Environment
Red Hat Enterprise Linux 6, 7, 8
Issue
A flaw was found in the Java logging library Apache Log4j in versions from 2.0.0 and before as well as version 2.15.0. This allows a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker's JNDI LDAP server lookup.
Resolution
For details of the vulnerability and affected products, refer to CVE-2021-44228.
For more detailed information, please refer to the security bulletin or the FAQ - CVE-2021-44228 Common Issues and Questions.
Please note that only the following products are impacted by this vulnerability:
- Red Hat CodeReady Studio 12
- Red Hat OpenStack Platform 13
- Red Hat Integration Camel K
- Red Hat Integration Camel Quarkus
- Red Hat OpenShift Application Runtimes Vert.X 4
- Red Hat JBoss Fuse 7
- Red Hat OpenShift 4
- Red Hat OpenShift 3.11
- Red Hat OpenShift Logging
- Red Hat Data Grid 8
- Red Hat JBoss AMQ Streaming
RHEL products are not included in the list as these are not impacted by this vulnerability.
Red Hat Enterprise Linux 6 | log4j | Not affected
Red Hat Enterprise Linux 7 | log4j | Not affected
Red Hat Enterprise Linux 8 | parfait:0.5/log4j12 | Not affected
You can safely ignore this vulnerability on these RHEL versions, as it does not affect RHEL.
For concerns regarding version 1 of log4j, please refer to CVE-2021-4104.