EIQ-2021-0016
ID |
EIQ-2021-0016 |
||||||||||||||||||||||||||||||
CVE |
|||||||||||||||||||||||||||||||
Description |
Superseded by EIQ-2021-0016-2. Log4j versions earlier than 2.15 have a remote code execution vulnerability. |
||||||||||||||||||||||||||||||
Date |
10 December 2021 Updated 14 December 2021 |
||||||||||||||||||||||||||||||
Severity |
See EIQ-2021-0016-2 |
||||||||||||||||||||||||||||||
CVSSv3 score |
|||||||||||||||||||||||||||||||
Status |
See EIQ-2021-0016-2 |
||||||||||||||||||||||||||||||
Assessment |
11 December 2021: Superseded by EIQ-2021-0016-2. Mitigations described here are no longer relevant. This is a developing situation. For updated advice, see EIQ-2021-0016-2. Log4j versions earlier than 2.15 are vulnerable to CVE-2021-44228 where log formatting can be exploited to retrieve arbitrary data from a malicious LDAP server through JDNI (Java Naming and Directory Interface), and can result in remote code execution. This exploit is mitigated in versions of the Intelligence Center listed below, by bundling versions of the JDK that block the exploit:
Your system is still vulnerable if it runs these versions of JDK (Java Development Kit):
More information: |
||||||||||||||||||||||||||||||
Mitigation |
- |
||||||||||||||||||||||||||||||
Affected versions |
2.11.x – 2.9.x |
||||||||||||||||||||||||||||||
Notes |
N/A |