Apache log4j 2.16 vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2021-45105
While the severity of this latest vulnerability is not as high as the previous vulnerabilities, for which Quest has supplied a fix to apply to Foglight to remove those vulnerabilities, Quest continues to monitor all documented log4j vulnerabilities.
Quest has confirmed that the latest CVE-2021-45105 vulnerability does not affect Foglight 6.0 customers.
The following components are not affected because these components use Log4J version 1.2.17.
Although the Foglight 6.0.0 cartridges listed below with build IDs beginning with 6.0.0.10-2021121*-* include the log4j 2.16 version, Foglight is not affected by this issue because it is not using a Context Lookup in the code.
The presence however of the Log4j 2.16 file in the Foglight Database cartridge folders may still be reported by security scan tools.
STATUS
Log4j 2.16 has been replaced with the Log4j 2.17.1 version in the 6.0.1.10 database cartridges available for download from here:
https://support.quest.com/foglight-for-databases/6.0.0/download-new-releases
Enhancement ID FOG-2989 has been logged to update the log4j version in Foglight Evolve to 2.17. This has been Included in version 6.1.0.
Enhancement ID FOG-3020 has been logged to update the log4j version in Foglight and Foglight for Databases to 2.17. This has been Included in version 6.1.0.
© ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center