A critical vulnerability was recently discovered related to systems/software that run Apache Log4j. More information about these vulnerabilities can be found here:
National Vulnerability Database - CVE-2021-44228 (nist.gov) and CVE CVE-2021-45046.
This is an industry-wide vulnerability affecting the Apache Log4j itself and is not specific to NetVault.
How does this affect me?
It has been confirmed that the Apache Log4j2 Zero-Day exploit identified by CVE-2021-44228 and CVE-2021-45046 only impacts NetVault, when leveraging the optional Elastic Search functionality.
Resolution
Quest has released an update package that addresses the Apache Log4j2 Zero-Day exploit identified under CVE-2021-44228 and CVE CVE-2021-45046.
To resolve the issues associated with the identified vulnerability, please see the associated NetVault knowledge article 335876.
Affected NetVault versions: 12.x, 13.0, 13.0.1, 13.0.2, 13.0.3
Status
There is an update available for NetVault. Please review the following knowledge article for the update package and installation instructions.
For any questions or assistance on this topic please contact Quest Technical Support.
We apologize for the inconvenience this issue may have caused and look forward to assisting you in the future.© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
