Log4shell
![Card image cap](https://stoeps.de/posts/2021/log4j_how_to_find_out/lucian-alexe-p3Ip8U0eNNM-unsplash_hu9161546d56113d53497e938d8f2cbcef_3556528_350x175_fill_q75_box_smart1.jpg)
Update 2021-12-13 2021-12-15
- Elasticsearch: Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31
- HCL: CVE-2021-44228 : Security Advisory
- IBM: Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)
- Security Bulletin: HCL Connections Security Update for Apache Log4j 2 Vulnerability (CVE-2021-44228)
- CVE-2021-45046: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.
So there is a fix for kc.war
which updates the log4j
2.8 to 2.15, Elasticsearch in Component Pack has log4j 2.8 and 2.11 included but is not vulnerable because of additional security settings.
Created:
Last Update: Read in about 5 min
Last Update: Read in about 5 min