
SOLVED

AEM - log4j


Level 1

Is AEM vulnerable to the latest log4j vulnerability? The below Adobe site only lists 2 out of the 4 CVEs for log4j. So what about CVE-2021-45105 & CVE-2021-44832?

Mitigating Log4j2 vulnerabilities (CVE-2021-44228 and CVE-2021-45046) for Experience Manager Forms (...

1 Accepted Solution


Correct answer by
Employee Advisor

Please report this to support, so that this page can be amended with these 2 additional CVEs.

3 Replies


Community Advisor

@brentd5354857 

Navigate to the OSGi bundles console and look for the log4j bundle version. All versions from 2.0-beta9 to 2.14.1 are impacted.

Please refer to this article for the AEM log4j vulnerability (CVE-2021-44228):
https://www.albinsblog.com/2021/12/apache-log4j2-remote-code-execution-through-JNDI-endpoints.html
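
A check of bundle versions against the range quoted in the reply above, as an added example that is not part of the original thread. The bundle names and versions in `SAMPLE` are constructed, and the range covers only what the reply states for CVE-2021-44228.

```python
import re

# Affected range for CVE-2021-44228 as quoted in the reply above.
LOW, HIGH = "2.0-beta9", "2.14.1"

def parse_version(text):
    """Turn '2.14.1', '2.0-beta9' or '2.0.0.beta9' into a sortable tuple.

    A pre-release qualifier sorts before the final release of the same
    number, so 2.0-beta8 < 2.0-beta9 < 2.0 < 2.0.1.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-.]([A-Za-z]+)(\d*))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))           # pad 2.0 to 2.0.0
    if m.group(2):                           # pre-release qualifier
        pre = (0, m.group(2).lower(), int(m.group(3) or 0))
    else:
        pre = (1, "", 0)                     # final release sorts last
    return (tuple(nums[:3]), pre)

def in_affected_range(version):
    """True when LOW <= version <= HIGH (both ends inclusive)."""
    return parse_version(LOW) <= parse_version(version) <= parse_version(HIGH)

def flag_bundles(bundles):
    """Return the (name, version) pairs of log4j bundles inside the range."""
    return [(name, version) for name, version in bundles
            if "log4j" in name.lower() and in_affected_range(version)]

# Constructed sample of (symbolic name, version) pairs, written the way they
# might be copied from the bundles console; not from a real AEM instance.
SAMPLE = [
    ("org.apache.logging.log4j.core", "2.14.1"),
    ("org.apache.logging.log4j.api", "2.17.1"),
    ("org.apache.sling.commons.log", "5.1.12"),
    ("org.apache.logging.log4j.core", "2.0-beta8"),
    ("org.apache.logging.log4j.core", "2.0.0.beta9"),
]

if __name__ == "__main__":
    for name, version in flag_bundles(SAMPLE):
        print(f"in affected range: {name} {version}")
```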

 

 


Level 1

First off, that's a 3RD PARTY! Second off, it doesn't even list the 4th CVE-2021-44228.

We pay Adobe money for this product, THEY need to list details about ALL 4 CVEs for log4j.
