Adobe Experience Manager Sites & More

brentd5354857 · 1/4/22

Is AEM vulnerable to the latest log4j vulnerability? The below Adobe site only list 2 out of the 4 CVE's for log4j. So what about CVE-2021-45105 & CVE-2021-44832 ?

Mitigating Log4j2 vulnerabilities (CVE-2021-44228 and CVE-2021-45046) for Experience Manager Forms (...

Jörg_Hoh · 1/5/22

Please report this to the support, that this page should be amended with these 2 additional CVEs.

View solution in original post

Raja-kp · 1/4/22

@brentd5354857

Navigate to OSGi bundles console - look for log4j bundle version -> All versions from all from 2.0-beta9 to 2.14.1 are impacted.

Please refer this article for AEM log4j vulnerability (CVE-2021-44228) :
https://www.albinsblog.com/2021/12/apache-log4j2-remote-code-execution-through-JNDI-endpoints.html

brentd5354857 · 1/5/22

First off thats a 3RD PARTY! Second off it doesn't even list the 4th CVE-2021-44228.

We pay Adobe money for this product, THEY need to list details about ALL 4 CVE's for log4j.

Jörg_Hoh · 1/5/22

Please report this to the support, that this page should be amended with these 2 additional CVEs.

Adobe Experience Manager Sites & More

AEM - log4j

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe