42Gears Security and Compliance Standards
Advisory ID: 42G-2021-001
Shortened Description: Apache Log4j Vulnerability (CVE-2021-44228)
Explanation:
Severity (CVSSv3 Range): 10.0
Issue date: 12/10/2021
Updated on: 02/06/2023
CVE(s): CVE-2021-44228
The vulnerability was discovered in the Log4j library. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. 42Gears products make indirect use of this library; our investigations have determined no exploitable path to the vulnerability within the 42Gears product.
Reference:
https://community.42gears.com/t/update-for-apache-log4j-vulnerability-cve-2021-44228/2030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228
https://nvd.nist.gov/vuln/detail/CVE-2021-44228