Log4j Exploit JNDI for AEM
December 11, 2021
Solved


Hi friends,

 

Does this https://nvd.nist.gov/vuln/detail/CVE-2021-44228 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 vulnerability apply to AEM 6.5 and 6.1? Did anyone face any issues with it?

The vulnerability is with org.Apache.logging.Log4j.logger, but I see our AEM is using the log4j.over.slf4j bundle, which is an abstraction of log4j. But I am not sure that this vulnerability fully applies to AEM as well.

 

Any recommendation would help.

 

Thanks

Bipin


5 replies

December 11, 2021

AEM depfinder is not showing any wrapper or log4j dependencies. Sling log is using Logback.

Is there any way to find out if the internal implementation is using log4j?
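One way to check a deployment directory for this, as an added example that is not part of the original thread or of any Adobe tooling: it opens every archive, including archives embedded in other archives, and separates log4j-core 2.x (which ships the `JndiLookup` class behind CVE-2021-44228) from the log4j-over-slf4j bridge. The bridge marker class, the file names and the sample archives are assumptions constructed for the example.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Class behind the ${jndi:...} lookup in log4j-core 2.x (the CVE-2021-44228 code path).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumed marker class of the log4j-over-slf4j bridge (log4j 1.x API forwarded to SLF4J).
BRIDGE_MARKER = "org/apache/log4j/Log4jLoggerFactory.class"
ARCHIVES = (".jar", ".war", ".zip")

def classify(data, label, findings):
    """Record which log4j artefact an archive holds, recursing into embedded archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append((label, "unreadable"))  # report it, do not skip silently
        return
    with zf:
        names = zf.namelist()
        if JNDI_LOOKUP in names:
            findings.append((label, "log4j-core with JndiLookup"))
        elif BRIDGE_MARKER in names:
            findings.append((label, "log4j-over-slf4j bridge"))
        for name in names:
            if name.lower().endswith(ARCHIVES):
                classify(zf.read(name), f"{label}!/{name}", findings)

def scan_tree(root):
    """Return sorted (location, verdict) pairs for every archive below root."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            classify(path.read_bytes(), path.relative_to(root).as_posix(), findings)
    return sorted(findings)

def fake_jar(name, content=b""):
    """Build a constructed one-entry archive in memory (sample data, not a real bundle)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Scan a constructed tree: a bridge bundle, and log4j-core embedded in another jar."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "bridge.jar").write_bytes(fake_jar(BRIDGE_MARKER))
        Path(tmp, "app.jar").write_bytes(fake_jar("lib/log4j-core.jar", fake_jar(JNDI_LOOKUP)))
        return scan_tree(tmp)
```

A "log4j-core with JndiLookup" hit only shows that log4j-core is present at that location; its version still has to be compared with the advisory for CVE-2021-44228.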

December 12, 2021

Hi Adobe,

 

We are in a similar situation: we saw a log4j-over-slf4j in one of the AEM directories. We are using AEM 6.2. Are we affected by this vulnerability?

 

Regards,

Gerald

Magicr
Level 6
December 13, 2021

How about AEM 6.3, 6.4 and 5.x?

Kiran_Vedantam
Community Advisor
Accepted solution
December 13, 2021

All, check the response from AEM security team here: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/apache-log4j-remote-code-execution-vulnerability-cve-2021-44228/td-p/434261

AEM seems to be unaffected.

 

Thanks,

Kiran Vedantam.

JeetendraASahu
December 15, 2021