AEM forms log4j vulnerable

Forum|Forum|4 years ago
December 15, 2021
1 reply
1067 views

We use AEM forms and we use only the rights management modules.

We would like to understand if we are vulnerable to the recent Log4j vulnerabilities, specifically CVE-2021-44228. If so, how do we mitigate?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Mayank_Tiwari

The impact of vulnerability CVE-2021-44228 reported in log4j2 versions 2.0-beta9 through 2.12.1 and 2.13.0 through 2.14.1 was analysed for AEM Forms and it was found to be impacted as it bundles different versions of log4j2 in different released versions.

The details of the analysis and impacted distributions together with mitigation steps to be performed are outlined at [1]. In case of any issues/questions/clarifications, you may contact us.

[1]: https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html?wcmmode=disabled

Thanks,
Mayank

Mayank_TiwariAccepted solution

Employee

The impact of vulnerability CVE-2021-44228 reported in log4j2 versions 2.0-beta9 through 2.12.1 and 2.13.0 through 2.14.1 was analysed for AEM Forms and it was found to be impacted as it bundles different versions of log4j2 in different released versions.

The details of the analysis and impacted distributions together with mitigation steps to be performed are outlined at [1]. In case of any issues/questions/clarifications, you may contact us.

[1]: https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html?wcmmode=disabled

Thanks,
Mayank

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded