SOLVED

Log4j Exploit JNDI for AEM

Hi friends,

Does this https://nvd.nist.gov/vuln/detail/CVE-2021-44228 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 vulnerability apply to AEM 6.5 and 6.1? Did anyone face any issues with it?

The vulnerability is with org.apache.logging.log4j.Logger, but I see our AEM is using the log4j.over.slf4j bundle, which is an abstraction of log4j. But I am not sure that this vulnerability fully applies to AEM as well.

Any recommendation would help.

Thanks

Bipin

1 Accepted Solution

Correct answer by
Community Advisor

All, check the response from the AEM security team here: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/apache-log4j-remote-code-e...

AEM seems to be unaffected.

Thanks,

Kiran Vedantam.

5 Replies

AEM depfinder is not showing any wrapper or log4j dependencies. Sling logging uses Logback.

Is there any way to find out whether an internal implementation is using log4j?

Hi Adobe,

We are in a similar situation: we saw a log4j-over-slf4j in one of the AEM directories. We are using AEM 6.2. Are we affected by this vulnerability?

Regards,

Gerald
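
The replies above ask how to tell whether log4j itself, rather than the log4j-over-slf4j bridge, is present in an installation. One way to check, as an added example that is not part of the original thread or Adobe's tooling: the script walks a directory given on the command line, opens every archive (nested ones included) and labels it by the class files it contains. The marker class names are assumptions based on the public log4j-core and log4j-over-slf4j artifacts.

```python
import io
import sys
import zipfile
from pathlib import Path

# Class in log4j-core 2.x that performs the JNDI lookup behind CVE-2021-44228.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: this class ships only in the log4j-over-slf4j bridge, not in log4j 1.x.
BRIDGE_MARKER = "org/apache/log4j/Log4jLoggerFactory.class"
LOG4J1_LOGGER = "org/apache/log4j/Logger.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def classify(names):
    """Label one archive from its entry names; None if nothing log4j-like."""
    if JNDI_CLASS in names:
        return "log4j-core 2.x (JndiLookup present)"
    if BRIDGE_MARKER in names:
        return "log4j-over-slf4j bridge"
    if LOG4J1_LOGGER in names:
        return "log4j 1.x API classes"
    return None

def scan_archive(source, label, findings, depth=0):
    """Inspect one archive (path or file object), then any archives nested in it."""
    try:
        with zipfile.ZipFile(source) as zf:
            names = set(zf.namelist())
            kind = classify(names)
            if kind:
                findings.append((label, kind))
            if depth >= 4:  # bound recursion into nested bundles
                return
            for name in sorted(names):
                if name.lower().endswith(ARCHIVES):
                    inner = io.BytesIO(zf.read(name))
                    scan_archive(inner, f"{label}!/{name}", findings, depth + 1)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # not a readable zip archive; skip it

def scan_tree(root):
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            scan_archive(path, str(path), findings)
    return findings

if __name__ == "__main__":
    for location, kind in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind}\t{location}")
```

A `log4j-core 2.x` hit only shows that the library is present; the jar's version still has to be compared with the advisory for CVE-2021-44228.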
