[Log4j Security Vulnerability Explained]

 

  1. CVE-2021-44228

1.1 The CVE-2021-44228 vulnerability in Java logging software Log4j v2.x allows remote code execution via JNDI lookup. It affects Log4j versions from v2.0 to v2.14.

1.2 Cellopoint uses version 2.17.1, which is not affected by this vulnerability.


  2. CVE-2019-17571

2.1 The CVE-2019-17571 vulnerability allows remote code execution when the SocketServer class is used in combination with deserialization tools, affecting Log4j versions from v1.2 to v1.2.17. 

2.2 Cellopoint uses version 2.17.1, which is not affected by this vulnerability. 

 

  3. CVE-2021-4104

3.1 The CVE-2021-4104 vulnerability allows remote code execution through the use of JMSAppender, affecting Log4j v1.2.x. 

3.2 Cellopoint uses version 2.17.1, which is not affected by this vulnerability. 

 

  4. CVE-2021-45046

4.1 The CVE-2021-45046 vulnerability is caused by an incomplete fix for CVE-2021-44228 in Log4j v2.15.0, which allows attackers to perform remote code execution via JNDI lookup messages. 

4.2 Cellopoint uses version 2.17.1, which is not affected by this vulnerability.


  5. CVE-2021-45105

5.1 The CVE-2021-45105 vulnerability allows attackers to exploit a Thread Context Map query, leading to an infinite loop and causing a denial of service (DoS). It affects Log4j versions from v2.0 to v2.16.0 (except for 2.12.3 and 2.3.1).

5.2 Cellopoint uses version 2.17.1, which is not affected by this vulnerability.

 

Based on the five points above, Cellopoint is confirmed not to be affected by these Log4j vulnerabilities.


Our security team will continue to monitor and address security vulnerabilities to ensure system stability.
