Skip to main content
Solved

log4j vulnerability CVE-2021-45046

  • 15 December 2021
  • 3 replies
  • 2773 views

Forum|alt.badge.img+6

Hi,

I started a new topic as it seems that the Apache Log4j vulnerability is not all covered yet.

Just want to know if Commvault is aware of the following: https://nvd.nist.gov/vuln/detail/CVE-2021-45046

Danny

Best answer by ScottHolmes

Hi Dave - best place to post that would be on the main sticky thread, that’s being manned by the vaulters with the most up to date guidance...

 

View original
Did this answer your question?

3 replies

Forum|alt.badge.img
  • Vaulter
  • 2 replies
  • December 15, 2021

Hi Danny, Scott here from Commvault - not in technical role but came across your post, there is actually a sticky thread that is hosting most of the conversation around Log4j, primarily it concerns the initial vulnerability (44228) but is now turning to the 45046 one from yesterday.

Log4j Vulnerability for 2.x - CVE-2021-44228 | Community (commvault.com)

The initial post contains instructions for obtaining a new report in your Commcell that shows which elements of your CV environment are exposed (if any), and guidance for applying the necessary hotfixes, although I expect this information will be updated soon with regards to upgrading to Log4j 2.16.


Forum|alt.badge.img+2
  • Byte
  • 7 replies
  • December 16, 2021

I do see Commvault has updated Security Vulnerability and Reporting (commvault.com) to include a new Log4J-2.16 Fix.  Are there any instructions on if you have the previous Log4J Fix already installed?  I.E.  Can you just add the new one to the cache and install over the old one?  Or do you have to somehow remove the old first?


Forum|alt.badge.img
  • Vaulter
  • 2 replies
  • Answer
  • December 16, 2021

Hi Dave - best place to post that would be on the main sticky thread, that’s being manned by the vaulters with the most up to date guidance...

 


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings