Apache Log4J Vulnerability: CVE-2021-44228

NXLog is aware of the recently discovered Log4J vulnerability that is tracked as CVE-2021-44228.
This vulnerability impacts Log4J 2 versions between 2.0-beta9 and 2.14.1.

The NXLog Manager product uses log4j 1.2.17 and as such, is not impacted by this vulnerability.

There was a somewhat related vulnerability that was listed as CVE-2019-17571.
This vulnerability was specific to the SocketServer class impacting versions 1.2 to 1.2.17.
NXLog Manager does not use this SocketServer class and is not affected.

Please feel free to contact support if there are any additional questions.

References:
https://logging.apache.org/log4j/2.x/security.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571

Share this post