Hi friends,

Does this https://nvd.nist.gov/vuln/detail/CVE-2021-44228 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 vulnerability apply to AEM 6.5 and 6.1 ? Did anyone face any issues with it?

The vulnerability is with org.Apache.logging.Log4j.logger  but I see our AEM is using log4j.over.slf4j bundle which is abstract of log4j. But I am not sure that this vulnerability fully applies to AEM as well. 

Any recommendation would help.

Thanks

Bipin