This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- FlexNet Publisher
- :
- FlexNet Publisher Knowledge Base
- :
- CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher
Subscribe
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher
CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher
Summary:
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
Problem Description:
Upon analysis for the CVE-2021-44832 in FlexNet Publisher, it does not use any JNDI data source
Resolution:
FNP solution around log4j is not vulnerable to vulnerability CVE-2021-44832
No ratings