Log4j Vulnerability CVE-2021-44228 (4273218)

Chatee ahora con Soporte

Obtener ayuda en vivo
Completar registro

Iniciar sesión

Solicitar precios

Comuníquese con Ventas

Regresar

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Título

Log4j Vulnerability CVE-2021-44228
Descripción

Are Toad products affected by the Log4j vulnerability CVE-2021-44228?
Resolución

Toad for Oracle:
Toad for Oracle does not use Log4j. Therefore this vulnerability does not affect the product.
Toad for Oracle uses OraLDAPClntNN.dll (where NN is oracle version number like 12, 18, 19, etc)

It's unclear if Oracle LDAP client this uses Log4j, but believe this is not the case.
Some more information about the exploit:
"An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled"

Toad doesn't use any log message lookup substitution. The only messages we get from LDAP are numeric error codes, and Toad does not use any lookup substitution on them, or anything else.

Toad Edge:
Toad Edge doesn't use Log4j 2, but does use Log4 1.2.17

The range for this particular security vulnerability (CVE-2021-44228) is Log 4j 2.x to Log4j 2.15.0-rc1
Also, Toad Edge is not a server based application. The attack needs to happen over HTTP(S) requests.

Unaffected products:
Toad for Oracle
Toad for Oracle Editions
Toad for SQL Server
Toad for DB2
Toad for SAP
Toad for Data Point
Toad Intelligence Central
Toad Data Modeler
Toad Edge
SQL Navigator
SQL Optimizer for Oracle
SQL Optimizer for SQL Server
SQL Optimizer for DB2 LUW
SQL Optimizer for DB2 ZOS
SQL Optimizer for SAP
Benchmark Factory for Databases
Code Tester for Oracle
Toad DevOps Toolkit
Spotlight on Oracle
Spotlight on SAP
Spotlight on DB2 LUW

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Solicitar un artículo KB

Contenido recomendado

Producto(s):: Toad Data Point; Toad DevOps Toolkit; Toad Edge; Toad Intelligence Central; Toad for Oracle; Toad for Oracle Subscription
Current; Benchmark Factory for Database
8.4; Code Tester for Oracle; SQL Navigator for Oracle
7.6, 7.5; SQL Optimizer for DB2 LUW
4.4.2, 4.4.1, 4.4; SQL Optimizer for DB2 ZOS
5.6.2, 5.6.1, 5.6; SQL Optimizer for Oracle
9.3.3; SQL Optimizer for SAP ASE
3.9.1, 3.9, 3.8; SQL Optimizer for SQL Server
10.1.2, 10.1.1, 10.1; Toad Data Modeler
7.3; Toad for DB2; Toad for SAP Solutions
4.2; Toad for SQL Server; Spotlight on DB2
6.10, 6.9.3, 6.9.2; Spotlight on Oracle
10.10, 10.9, 10.8, 10.7.1, 10.7; Spotlight on RAC
10.7, 10.6; Spotlight on SAP ASE
2.12, 2.11, 2.10.1

Tema(s):: Troubleshooting

Historial del artículo:: Creado el: 12/13/2021
Última actualización: 5/7/2023

Buscar todos los artículos

Seleccione su producto:

Con el fin de ofrecerle un mejor servicio, complete el campo Motivo del chat:

Soluciones recomendadas para su problema

Log4j Vulnerability CVE-2021-44228 (4273218)

Título

Descripción

Resolución

Leave a Comment