log4j vulnerability CVE-2021-45046

  • 15 December 2021
  • 3 replies

Userlevel 1
Badge +6


I started a new topic as it seems that the Apache Log4j vulnerability is not all covered yet.

Just want to know if Commvault is aware of the following:



Best answer by ScottHolmes 16 December 2021, 14:00

View original

3 replies


Hi Danny, Scott here from Commvault - not in technical role but came across your post, there is actually a sticky thread that is hosting most of the conversation around Log4j, primarily it concerns the initial vulnerability (44228) but is now turning to the 45046 one from yesterday.

Log4j Vulnerability for 2.x - CVE-2021-44228 | Community (

The initial post contains instructions for obtaining a new report in your Commcell that shows which elements of your CV environment are exposed (if any), and guidance for applying the necessary hotfixes, although I expect this information will be updated soon with regards to upgrading to Log4j 2.16.

Badge +2

I do see Commvault has updated Security Vulnerability and Reporting ( to include a new Log4J-2.16 Fix.  Are there any instructions on if you have the previous Log4J Fix already installed?  I.E.  Can you just add the new one to the cache and install over the old one?  Or do you have to somehow remove the old first?


Hi Dave - best place to post that would be on the main sticky thread, that’s being manned by the vaulters with the most up to date guidance...