KB ID: 10061

Product: vProtect

Version: 4.2.0-4.3.0

Published: 2021-12-14

Last modified: 2021-12-14

Problem

There are known bugs in the Apache Log4j2 library:

Solution

To patch the vulnerabilities CVE-2021-44228 and CVE-2021-45046, please update vProtect to the following versions:

vProtect version 4.3.0

  • server: 4.3.0-45

  • node: 4.3.0-44

vProtect version 4.2.0

  • server: 4.2.0-41

  • node: 4.2.0-29

Instructions on how to upgrade vProtect are available in the Documentation.
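The following is an added example, not part of the original KB article or the vProtect product: it checks an inventory of component versions against the fixed builds listed above. The host names and the inventory layout are constructed for illustration; only the `release-build` version strings and the fixed build numbers come from this article.

```python
import re

# Minimum fixed builds from this article, keyed by (release line, component).
# "patched" below refers to CVE-2021-44228 and CVE-2021-45046 only.
FIXED_BUILDS = {
    ("4.3.0", "server"): 45,
    ("4.3.0", "node"): 44,
    ("4.2.0", "server"): 41,
    ("4.2.0", "node"): 29,
}

# Version strings in the form used by this article, e.g. "4.3.0-45".
_VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)-(\d+)$")


def check_component(component, version):
    """Return 'patched', 'vulnerable' or 'not-covered' for one component."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release, build = m.group(1), int(m.group(2))
    fixed = FIXED_BUILDS.get((release, component))
    if fixed is None:
        # Release line or component this article gives no fixed build for.
        return "not-covered"
    return "patched" if build >= fixed else "vulnerable"


def audit(inventory):
    """Return the (host, component, version, status) rows that need action."""
    findings = []
    for host, component, version in inventory:
        try:
            status = check_component(component, version)
        except ValueError:
            status = "unparseable"  # surface bad data instead of skipping it
        if status != "patched":
            findings.append((host, component, version, status))
    return findings


# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("backup01", "server", "4.3.0-45"), ("backup01", "node", "4.3.0-43"),
    ("backup02", "server", "4.2.0-40"), ("backup02", "node", "4.2.0-29"),
    ("backup03", "node", "4.1.0-12"), ("backup04", "server", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```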

The vulnerability CVE-2021-45105 will be patched in the next vProtect release (this article will be updated as soon as the fixed version is released). This CVE allows a Denial of Service attack, which poses a low risk to end-users: vProtect installations should not be exposed to the Internet and, at the time of writing, there are no known ways to exploit this vulnerability in vProtect software. vProtect uses Payara software, whose authors state that it is not vulnerable.[1]

  1. https://www.payara.fish/teamblog/2021/12/14/payara-unaffected-by-log4j-vulnerability/
