Log4j Exploit JNDI for AEM | Community
New Participant
December 11, 2021
Solved


Hi friends,

Does this vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-44228 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) apply to AEM 6.5 and 6.1? Did anyone face any issues with it?

The vulnerability is with org.Apache.logging.Log4j.logger, but I see our AEM is using the log4j.over.slf4j bundle, which is an abstraction of log4j. But I am not sure that this vulnerability fully applies to AEM as well.

Any recommendation would help.


Thanks

Bipin

5 replies

JeetendraASahu
New Participant
December 15, 2021
Kiran_Vedantam
Accepted solution
New Participant
December 13, 2021

All, check the response from the AEM security team here: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/apache-log4j-remote-code-execution-vulnerability-cve-2021-44228/td-p/434261

AEM seems to be unaffected.


Thanks,

Kiran Vedantam.

Magicr
New Participant
December 13, 2021

How about AEM 6.3, 6.4 and 5.x?

New Participant
December 12, 2021

Hi Adobe,

We are in a similar situation: we saw a log4j-over-slf4j in one of the AEM directories. We are using AEM 6.2. Are we affected by this vulnerability?


Regards,

Gerald

New Participant
December 11, 2021

AEM depfinder is not showing any wrapper or log4j dependencies. Sling log is using Logback.

Is there any way to find out whether an internal implementation is using log4j?
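
One way to check what an install directory actually ships, as an added example that is not part of any post in this thread and is not Adobe tooling: it walks a directory, opens every archive (including archives nested inside other archives) and reports where the log4j-core `JndiLookup` class or a log4j-over-slf4j bridge class is present. The two marker class paths, the finding labels and the directory argument are assumptions of this example; a hit on `JndiLookup` only locates log4j-core, and its version still has to be checked against the CVE-2021-44228 advisory.

```python
import io
import os
import sys
import zipfile

# Assumption: class in log4j-core 2.x that performs the JNDI lookup (CVE-2021-44228).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: marker class of the log4j-over-slf4j bridge (log4j 1.x API routed to SLF4J).
BRIDGE_CLASS = "org/apache/log4j/Log4jLoggerFactory.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def scan_archive(data, label, findings):
    """Record log4j-related classes in one archive, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(data)
    except (zipfile.BadZipFile, OSError):
        return  # not a readable zip: skip it rather than abort the whole scan
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names:
            findings.append((label, "log4j-core with JndiLookup"))
        if BRIDGE_CLASS in names:
            findings.append((label, "log4j-over-slf4j bridge"))
        for name in names:
            if name.lower().endswith(ARCHIVE_EXT):
                nested = io.BytesIO(zf.read(name))
                scan_archive(nested, f"{label}!{name}", findings)


def scan_tree(root):
    """Walk root and return sorted (location, finding) pairs for every archive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fname)
                scan_archive(path, path, findings)
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_log4j.py /path/to/install/dir
    root_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    for location, finding in scan_tree(root_dir):
        print(f"{finding}: {location}")
```

A nested hit is reported as `outer.war!lib/inner.jar`, so the containing bundle can be identified.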