KB10061 Log4j2 vulnerability hotfix in vProtect

Owned by Artur Wójcik, created
Last updated: Feb 18, 2022
1 min read

KB ID: 10061

Product: vProtect

Version: 4.2.0-4.3.0

Published: 2021-12-14

Last modified: 2022-02-02

Problem

There’s are known bugs in the Apache Log4j2 library:

Solution

 

To patch the vulnerabilities these vulnerabilities please update vprotect to the following versions:

vProtect version 4.3.0

  • server: 4.3.0-54

  • node: 4.3.0-54

vProtect version 4.2.0

  • server: 4.2.0-42

  • node: 4.2.0-31

Instructions on how to upgrade the vProtect are available in the Documentation

It’s worth mentioning that these CVEs pose a low risk to end-users as vProtect installations should not be exposed to the Internet and, as of the moment of writing this article, there are no known ways to exploit this vulnerability in vProtect software. vProtect uses Payara software which authors state it is not vulnerable.[1]

 

Related articles

  1. https://www.payara.fish/teamblog/2021/12/14/payara-unaffected-by-log4j-vulnerability/