...
Published: 2021-12-14
Last modified: 2021 2022-1202-1402
Problem
There’s a are known bug bugs in the Apache Log4j2 library that allows an attacker to perform RCE attack :
...
...
Solution
To patch the vulnerabilities in CVE-2021-44228 and CVE-2021-45046 vulnerabilities these vulnerabilities please update vprotect to the following versions:
vProtect version 4.3.0
server: 4.3.0-4554
node: 4.3.0-4454
vProtect version 4.2.0
server: 4.2.0-4142
node: 4.2.0-2931
Instructions on how to upgrade the vProtect are available in the Documentation
It’s worth mentioning that these CVEs pose a low risk to end-users as vProtect installations should not be exposed to the Internet and, as of the moment of writing this article, there are no known ways to exploit this vulnerability in vProtect software. vProtect uses Payara software which authors state it is not vulnerable.[1]