search cancel

DLP CVE-2021-44228

book

Article ID: 230289

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

Zero day vulnerability CVE-2021-44228 information for Symantec Data Loss Prevention (DLP).

CVE - CVE-2021-44228 (mitre.org)

Log4j 2x and above are vulnerable.

Resolution

Broadcom development has reviewed all DLP versions. DLP is NOT vulnerable to this vector. 

Details:

CVE-2021-44228 impacts (log4j-core-2.x.jar) which is NOT shipped with DLP, nor consumed by DLP in indirect form. 

The official public statements are here:

DLP not vulnerable to zero-day vulnerability CVE-2021-44228

Symantec Security Advisory for Log4j Vulnerability

Additional Information

Update, as per previous statements from DLP Engineering, there is now a Hotfix available to remove log4j files from DLP server installations (broadcom.com).