
Is Data Center Security Server affected by the zero day Apache Log4j2 vulnerability reported in CVE-2021-44228?


Article ID: 230371


Updated On:

Products

Data Center Security Server Advanced, Data Center Security Monitoring Edition, Data Center Security Server

Issue/Introduction

On December 11th, 2021, NVD - CVE-2021-44228 (nist.gov) was released, describing a remote code execution exploit in Apache Log4j2.

Cause

A Remote Code Execution vulnerability has been reported that affects the widely used Java logging library Apache Log4j2, in particular versions 2.0-2.14.1, due to the way it parses JNDI lookup strings. 

Resolution

Data Center Security is not susceptible to this vulnerability. CVE-2021-44228 affects log4j-core-2.x.jar, which is not consumed by DCS.
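One way to confirm on a host that no log4j-core jar in the range given above is present, as an added example (not Broadcom's code or tooling): it walks an installation directory, checks archive names against 2.0 through 2.14.1, and also looks inside archives for an embedded log4j-core jar or a bundled `JndiLookup.class`. The sample tree and its file names are constructed, and the class check goes beyond the file-name test the article describes.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Affected range as stated in the article: log4j-core 2.0 through 2.14.1.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 14, 1)
JAR_NAME = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:[-.][\w.]+)?\.jar$", re.I)
# Class implementing the JNDI lookup in log4j-core; finds renamed or repackaged copies.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def affected(name):
    """None if name is not a log4j-core jar, else whether its version is in range."""
    m = JAR_NAME.search(name)
    return AFFECTED_MIN <= tuple(int(p or 0) for p in m.groups()) <= AFFECTED_MAX if m else None

def scan(root):
    """Yield (relative path, reason) pairs for archives under root."""
    for path in Path(root).rglob("*"):
        if path.suffix.lower() not in {".jar", ".war", ".ear"} or not path.is_file():
            continue
        rel, by_name = path.relative_to(root).as_posix(), affected(path.name)
        if by_name is not None:  # version is known from the file name
            if by_name:
                yield (rel, "log4j-core in affected range")
            continue
        try:
            with zipfile.ZipFile(path) as archive:
                entries = archive.namelist()
        except (zipfile.BadZipFile, OSError):
            continue  # unreadable archive
        if JNDI_CLASS in entries:
            yield (rel, "contains JndiLookup.class, version unknown")
        yield from ((rel, f"embeds {e}") for e in entries if affected(e))

def build_sample_tree(root):
    """Constructed sample install tree (hypothetical names, not real product contents)."""
    layout = {"lib/log4j-core-2.14.1.jar": JNDI_CLASS, "lib/log4j-core-2.17.1.jar": JNDI_CLASS,
              "lib/log4j-api-2.14.1.jar": "org/apache/logging/log4j/Logger.class",
              "app/vendor-bundle.jar": JNDI_CLASS, "app/portal.war": "WEB-INF/lib/log4j-core-2.8.2.jar"}
    for rel, entry in layout.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(target, "w") as archive:
            archive.writestr(entry, b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*sorted(scan(tmp)), sep="\n")
```

An empty result from `scan()` on a real installation directory is consistent with the statement above; any finding names the archive to inspect further.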

Additional Information

For more information on how this and other Broadcom products are affected by this vulnerability, please see the Symantec Security Advisory for Log4j 2 CVE-2021-44228 Vulnerability.