KB0029 – Apache Log4J vulnerability

A vulnerability has been identified in the Apache Log4J logging framework – CVE-2021-44228

Promenta are receiving question from customers about the potential risk to Promenta solutions.

Summary of issue

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

Conclusion

Promenta does not use the affected log4j versions in any solutions that are currently supported.

 

Scroll to Top