Return
-
Title
Are the KACE SMA and KACE SDA appliances affected by CVE-2021-44228? -
Description
This article addresses the status of the KACE SMA and KACE SDA Appliances in regards to the Apache Log4j2 Zero-Day exploit identified under CVE-2021-44228. For more details regarding the Apache Log4j2 vulnerability, refer to Fixed in Log4j 2.15.0 section of the Apache Log4j Security Vulnerabilities page.
-
Resolution
It has been confirmed that the Apache Log4j2 Zero-Day exploit identified by CVE-2021-44228 does not impact the KACE SMA and KACE SDA appliances.
Quest recommends that all customers ensure they are running a supported version. The supported versions are not affected by Log4j vulnerability (CVE-2021-44228).
For any questions or assistance on this topic please contact our Tech Support.
-
Additional Information
The KACE SMA and SDA appliances include under the list of Third Party Licenses (Need Help?| About KACE SMA or Need Help? | About KACE SDA) a package named "p5-Log-Log4perl-1.54", please note this is a Log4j implementation for Perl and is unrelated to the Apache Log4j2 exploit described by CVE-2021-44228.