Solved

AEM - log4j

Forum|Forum|4 years ago
January 4, 2022
2 replies
1316 views

Is AEM vulnerable to the latest log4j vulnerability? The below Adobe site only list 2 out of the 4 CVE's for log4j. So what about CVE-2021-45105 & CVE-2021-44832 ?

Mitigating Log4j2 vulnerabilities (CVE-2021-44228 and CVE-2021-45046) for Experience Manager Forms (adobe.com)

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by joerghoh

Please report this to the support, that this page should be amended with these 2 additional CVEs.

Raja-Karuppsamy

Community Advisor

@brentd5354857

Navigate to OSGi bundles console - look for log4j bundle version -> All versions from all from 2.0-beta9 to 2.14.1 are impacted.

Please refer this article for AEM log4j vulnerability (CVE-2021-44228) :
https://www.albinsblog.com/2021/12/apache-log4j2-remote-code-execution-through-JNDI-endpoints.html

B

brentd5354857Author

First off thats a 3RD PARTY! Second off it doesn't even list the 4th CVE-2021-44228.

We pay Adobe money for this product, THEY need to list details about ALL 4 CVE's for log4j.

joerghoh

Accepted solution

Adobe Employee

Please report this to the support, that this page should be amended with these 2 additional CVEs.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded