42Gears Security and Compliance Standards

Advisory ID: 42G-2021-001

Shortened Description: Apache Log4j Vulnerability (CVE-2021-44228)

Severity (CVSSv3 Range): 10.0

Issue date: 12/10/2021

Updated on: 02/06/2023

CVE(s): CVE-2021-44228

Explanation:

The vulnerability was discovered in the Log4j library. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. 42Gears products make indirect use of this library; our investigations have determined no exploitable path to the vulnerability within 42Gears products.

Reference:

https://community.42gears.com/t/update-for-apache-log4j-vulnerability-cve-2021-44228/2030

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228

https://nvd.nist.gov/vuln/detail/CVE-2021-44228