As you may know, in the last few days a lot of actions need to be performed regarding the Log4j vulnerability. Is this also being used in the Commvault software?
If so, is there a patch/fix upcoming?
Best answer by Stuart Painter
Thanks everyone for the comments, as
https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html
Advisory ID: CV_2021_12_1
External Reporting IDs: CVE-2021-44228
Issued On: December 11, 2021
Updated On: December 11, 2021
Severity: Critical
Version: 1.0
Description
A critical vulnerability has been found on Apache Log4j logging libraries. For more information about this vulnerability, refer to the following report:
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Affected Products
This vulnerability may affect the following products:
Cloud Apps package
Oracle agent - Database archiving, data masking, and logical dump backup
Microsoft SQL Server agent - Database archiving, data masking, and table level restore
Resolution
An update has been issued to remove these vulnerable log4j versions from the affected Commvault packages.
Download and install the following updates from the Commvault store for your Feature Release on the affected client computers.
Feature Release | Minimum Maintenance Release Required | Update |
---|---|---|
11.25 | ||
11.24 | ||
11.23 | ||
11.22 | ||
11.21 | ||
11.20 | ||
SP16 | ||
Thanks,
Stuart