Recently, a critical vulnerability in Log4j was identified and designated CVE-2021-44228. This vulnerability allows attackers to send and execute code remotely. Additional Log4j vulnerabilities have since been identified: CVE-2021-45046, CVE-2017-5645, CVE-2019-17571, CVE-2020-9488, and CVE-2021-4104.
Overview and Impact:
CVE-2021-44228 is the designation for this vulnerability, which affects the JNDI features of Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0.
Upgrading to version 2.16 is the recommended remediation based on CVE-2021-45046.
Confirmed Not Impacted
- NIOS 8.4.x, 8.5.x, 8.6.x
- Additionally, current FIPS and Common Criteria releases are also not impacted
- Note that NIOS does not use Data Fabric Search (DFS)
- BloxOne Products
- BloxOne Threat Defense
Affected but Mitigated
- NetMRI. For more information, please see KB 000007559 in the Infoblox Support Portal.
No action is required for NIOS or BloxOne products identified above.
For NetMRI, please see KB 000007559 in the Infoblox Support Portal.