Apache Log4J Vulnerability: CVE-2021-44228
NXLog is aware of the recently discovered Log4J vulnerability that is tracked as CVE-2021-44228.
This vulnerability impacts Log4J 2 versions between 2.0-beta9
and 2.14.1
.
The NXLog Manager product uses log4j 1.2.17
and as such, is not impacted by this vulnerability.
There was a somewhat related vulnerability that was listed as CVE-2019-17571.
This vulnerability was specific to the SocketServer
class impacting versions 1.2
to 1.2.17
.
NXLog Manager does not use this SocketServer
class and is not affected.
Please feel free to contact support if there are any additional questions.
References:
https://logging.apache.org/log4j/2.x/security.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571