Broadcom Software is investigating an Apache Log4j 2 remote code execution vulnerability that was recently reported to Apache. CVE identifier CVE-2021-44228 has been assigned to this vulnerability. This is a Critical vulnerability, and exploit code is in the wild. The Log4j team has addressed the vulnerability in Log4j 2.15.0.
Log4j Versions Affected: all versions from 2.0-beta9 to 2.14.1
CVE-2021-44228 Description: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From Log4j 2.15.0, this behavior is disabled by default.
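As an added example (not part of Broadcom's advisory), a small Python checker that applies the affected range stated above, 2.0-beta9 through 2.14.1 inclusive, to version strings and to log4j-core jar file names found on a host; the file paths are constructed sample input, and the version format assumed is Log4j's "major.minor[.patch][-qualifier]".

```python
import re

# Affected range as stated in the advisory (inclusive). Later back-port releases
# that fall numerically inside this range are not modelled here.
FIRST_AFFECTED = "2.0-beta9"
LAST_AFFECTED = "2.14.1"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)

def parse_version(text):
    """Turn e.g. '2.0-beta9' into a sortable tuple.
    Pre-releases sort before the final release of the same number (2.0-beta9 < 2.0)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {text!r}")
    major, minor, patch, qual, qual_num = m.groups()
    qual_rank = {"alpha": 0, "beta": 1, "rc": 2, None: 3}[qual.lower() if qual else None]
    return (int(major), int(minor), int(patch or 0), qual_rank, int(qual_num or 0))

def is_affected(version):
    """True when the version lies inside the advisory's affected range."""
    v = parse_version(version)
    return parse_version(FIRST_AFFECTED) <= v <= parse_version(LAST_AFFECTED)

def find_log4j_core(paths):
    """Return (path, version, affected) for each log4j-core jar among the paths.
    affected is None when the version in the file name cannot be parsed."""
    jar_re = re.compile(r"log4j-core-([^/\\]+)\.jar$")
    found = []
    for p in paths:
        m = jar_re.search(p)
        if not m:
            continue  # log4j-api and other jars are not the vulnerable artifact
        version = m.group(1)
        try:
            found.append((p, version, is_affected(version)))
        except ValueError:
            found.append((p, version, None))
    return found

# Constructed sample input: what a file-system sweep of two applications might return.
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",
    "/opt/other/lib/log4j-core-2.15.0.jar",
    "/legacy/lib/log4j-1.2.17.jar",
]

if __name__ == "__main__":
    for path, version, affected in find_log4j_core(SAMPLE_PATHS):
        print(f"{path}: version {version}, affected={affected}")
```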
ProxySG platforms running SGOS
ProxySG is NOT affected by this vulnerability
For more information, including the exposure of other Broadcom products to Log4j 2, please see the Broadcom Enterprise Software Security Advisory for the Log4j 2 CVE-2021-44228 vulnerability.