Expand my Community achievements bar.

SOLVED

AEM - log4j

Avatar

Level 1
Level 1
1/4/22 11:47:27 AM

Is AEM vulnerable to the latest log4j vulnerability? The below Adobe site only list 2 out of the 4 CVE's for log4j.  So what about CVE-2021-45105 & CVE-2021-44832 ?

 

Mitigating Log4j2 vulnerabilities (CVE-2021-44228 and CVE-2021-45046) for Experience Manager Forms (...

Views

722

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
1/5/22 6:26:34 AM

Please report this to the support, that this page should be amended with these 2 additional CVEs.

View solution in original post

Views

686

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Community Advisor
Community Advisor
1/4/22 11:34:30 PM

@brentd5354857 

Navigate to OSGi bundles console - look for log4j bundle version -> All versions from all from 2.0-beta9 to 2.14.1 are impacted.

Please refer this article for AEM log4j vulnerability (CVE-2021-44228) :
https://www.albinsblog.com/2021/12/apache-log4j2-remote-code-execution-through-JNDI-endpoints.html

 

 

Views

704

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
1/5/22 4:19:21 AM
In response to Raja-kp

First off thats a 3RD PARTY!  Second off it doesn't even list the 4th CVE-2021-44228.

 

We pay Adobe money for this product, THEY need to list details about ALL 4 CVE's for log4j.

Views

693

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee Advisor
Employee Advisor
1/5/22 6:26:34 AM

Please report this to the support, that this page should be amended with these 2 additional CVEs.

Views

687

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply