URL: https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228
Submission: On December 27 via api from US — Scanned from DE

Apache Log4j Critical Vulnerability (CVE-2021-44228)

Security Vulnerability

Released: December 12, 2021 Last updated: December 23, 2021
Assigning CNA: Apache Software Foundation


SECURITY ADVISORY SUMMARY

UPDATE December 23, 2021: Updated to announce the availability of the Database
Performance Analyzer (DPA) hotfix released December 22, 2021, which is available
for DPA customers in their Customer Portal at
https://customerportal.solarwinds.com/. Additionally, NIST has upgraded the
severity of CVE-2021-45046 from 3.7 Low to 9.0 Critical. We’ve also added new
CISA mitigation guidance: Mitigating Log4Shell and Other Log4j-Related
Vulnerabilities.

SolarWinds recommends customers of SAM and DPA apply the available hotfixes to
their systems, and follow the guidance captured in the accompanying release
notes.

UPDATE December 20, 2021: Updated to announce the availability of the Server &
Application Monitor (SAM) hotfix released today, December 20, 2021, which is
available for SAM customers in their Customer Portal at
https://customerportal.solarwinds.com/.

UPDATE December 18, 2021: SolarWinds is evaluating the Apache Log4j Denial of
Service vulnerability CVE-2021-45105, announced December 18, 2021, and the
release of Apache Log4j 2.17. Please visit this page for updates. You can
Subscribe to this RSS Feed to be notified when we update this page (note: you
will need to cut and paste the "Subscribe to this RSS feed" URL into an RSS Feed
Reader, e.g., Outlook's RSS Subscriptions, to monitor updates).

UPDATE December 17, 2021: Updated to announce the availability of the Database
Performance Analyzer (DPA) hotfix released today, December 17, 2021, which is
available for DPA customers in their Customer Portal at
https://customerportal.solarwinds.com/.

This update also reflects CISA Emergency Directive 22-02 Mitigate Apache Log4j
Vulnerability, issued December 17, 2021, and we have posted a new security
advisory for CVE-2021-4104. 

Guidance for all three CVEs related to the Log4j issue is available on this
page:

 * CVE-2021-44228
 * CVE-2021-45046
 * CVE-2021-4104

UPDATE December 16, 2021: Updated to reflect availability of and support for
Log4j 2.16.0 to resolve CVE-2021-45046 vulnerability reported on Log4j.

NOTE: SolarWinds products do not use JMSAppender, and are not known to be
affected by the vulnerability identified in CVE-2021-4104.

UPDATE December 13, 2021: NOTE: This security vulnerability only affects Server
& Application Monitor (SAM) and Database Performance Analyzer (DPA) and does not
affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.

You can Subscribe to this RSS Feed to be notified when we update this page
(note: you will need to cut and paste the "Subscribe to this RSS Feed" URL into
an RSS Feed Reader, e.g., Outlook's RSS Subscriptions, to monitor updates).

On December 9, 2021, the Apache Software Foundation released Log4j 2.15.0 to
resolve a critical remote code execution vulnerability (CVE-2021-44228)
affecting versions 2.0-beta9 through 2.14.1.

On December 13, 2021, the Apache Software Foundation released Log4j 2.16.0 to
disable default access to JNDI lookups, limit the protocols by default to only
java, ldap, and ldaps, and limit the ldap protocols to only accessing Java
primitive objects, resolving a vulnerability which could leave an affected
system open to a Denial-of-Service (DoS) attack (CVE-2021-45046).

On December 17, 2021, the Apache Software Foundation released Log4j 2.17.0 to
resolve a Denial-of-Service vulnerability in Apache Log4j2 versions 2.0-alpha1
through 2.16.0, which did not protect from uncontrolled recursion from
self-referential lookups (CVE-2021-45105).

On December 21, 2021, the National Institute of Standards and Technology (NIST)
upgraded CVE-2021-45046 from a severity of 3.7 (Low), as originally reported on
December 14, to 9.0 (Critical).

Apache Log4j is a popular Java logging library incorporated into a wide range of
enterprise software (including Struts2, Solr, Druid, and Flink). This is a
well-known vulnerability affecting numerous software companies.

The following SolarWinds products utilize an affected version of Apache Log4j in
their codebase:

 * Server & Application Monitor (SAM)
 * Database Performance Analyzer (DPA)

First, it’s important to note the Orion Platform core is not affected and does
not utilize Apache Log4j.

The only two SolarWinds products we have identified as affected by this
vulnerability are Server & Application Monitor (SAM) and Database Performance
Analyzer (DPA). We have not identified any other SolarWinds products as affected
by this vulnerability.

Server & Application Monitor (SAM) (JMX Monitoring feature), in versions prior
to the recent hotfixes, utilizes the vulnerable Log4j library, but it uses JDK
version 16, which is not known at this time to be susceptible to the Log4j
vulnerability. SolarWinds recommends upgrading your version of SAM to the latest
available, or following the instructions provided in the KB article linked below
to update the Log4j libraries it uses, for the protection of your environment.

SolarWinds engineers released a hotfix December 20, 2021, to replace the
existing library with Apache Log4j 2.16.0. You can download the hotfix for your
SAM version in your Customer Portal at https://customerportal.solarwinds.com.

For more information, please see the following KB article for the latest details
specific to the SAM hotfix:
https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US.

As the Apache Software Foundation continues to update Log4j, SolarWinds will
examine compatibility with SAM and will update this article accordingly.

Database Performance Analyzer (DPA) utilizes the vulnerable library but also
uses a later version of the Java SDK which may reduce the risk of the
vulnerability. SolarWinds recommends upgrading your version of DPA to the latest
available, or following the instructions provided in the KB article linked below
to update the Log4j libraries it uses, for the protection of your environment.

SolarWinds engineers released a hotfix December 22, 2021, to replace the
existing library with Apache Log4j 2.17.0. You can download the hotfix for your
DPA version in your Customer Portal at https://customerportal.solarwinds.com.

For more information, please see the following KB article:
https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US.
As the Apache Software Foundation continues to update Log4j, SolarWinds will
examine compatibility with DPA and will update this article accordingly.

This issue affects DPA customers running the following versions, as earlier
versions of DPA are based on an older version of Log4j without this issue:

 * DPA 2021.1.x
 * DPA 2021.3.x
 * DPA 2022.1 RC1

As a best practice, SolarWinds always recommends you ensure your environment is
appropriately configured and utilizes the DPA Secure Configuration Guide: Best
Practices and Recommendations, available at:
https://support.solarwinds.com/SuccessCenter/s/article/DPA-Secure-Configuration-Guide-Best-Practices-and-Recommendations.

FAQ

What happened?

On December 9, 2021, the Apache Software Foundation released Log4j 2.15.0 to
resolve a critical remote code execution vulnerability (CVE-2021-44228)
affecting versions 2.0-beta9 through 2.14.1.

On December 13, 2021, the Apache Software Foundation released Log4j 2.16.0 to
disable default access to JNDI lookups, limit the protocols by default to only
Java, LDAP, and LDAPS, and limit the LDAP protocols to only accessing Java
primitive objects, resolving a vulnerability which could leave an affected
system open to a Denial-of-Service (DoS) attack (CVE-2021-45046).

On December 17, 2021, the Apache Software Foundation released Log4j 2.17.0 to
resolve a Denial-of-Service vulnerability in Apache Log4j2 versions 2.0-alpha1
through 2.16.0, which did not protect from uncontrolled recursion from
self-referential lookups (CVE-2021-45105).

On December 21, 2021, the National Institute of Standards and Technology (NIST)
upgraded CVE-2021-45046 from a severity of 3.7 (Low), as originally reported on
December 14, to 9.0 (Critical).

Log4j is a popular Java logging library incorporated into a wide range of Apache
enterprise software (including Struts2, Solr, Druid, and Flink).

Why am I seeing so much about this in the media?

This is a well-known vulnerability, affecting numerous software companies.

Have there been any reports to SolarWinds?

While there have not been any user or security researcher reports of this
vulnerability affecting SolarWinds software, we have received several customer
inquiries, given the broad industry usage of Apache software and recent media
coverage.

How is SolarWinds addressing this?

Our investigations of this issue are active and ongoing. The Apache Software
Foundation’s resolution process is fluid, and as they release later versions of
Log4j, we will support those versions, and will provide updates accordingly.

This update is as of Thursday, December 23, 2021, at 7:00 a.m. CT. The Orion
Platform core is not affected and does not utilize Apache Log4j.

What SolarWinds products are affected?

The following SolarWinds products utilize an affected version of Apache Log4j in
their codebase:

 * Server & Application Monitor (SAM)
 * Database Performance Analyzer (DPA)

We have not identified any other SolarWinds products as affected by this
vulnerability.

What do I need to know about SAM?

Server & Application Monitor (SAM) (JMX Monitoring feature) utilizes the
vulnerable Log4j library, but it uses JDK version 16, which is not known at this
time to be susceptible to the Log4j vulnerability.

SolarWinds engineers released a hotfix December 20, 2021, to replace the
existing library with Apache Log4j 2.16.0. You can download the hotfix for your
SAM version in your Customer Portal at https://customerportal.solarwinds.com.

For more information, please see the following KB article for the latest details
specific to the SAM hotfix:
https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US.
As the Apache Software Foundation continues to update Log4j, SolarWinds will
examine compatibility with SAM and will update this article accordingly.

What do I need to know about DPA?

Database Performance Analyzer (DPA) utilizes the vulnerable library but also
uses a later version of the Java SDK which may reduce the risk of the
vulnerability.

SolarWinds engineers released a hotfix December 22, 2021, to replace the
existing library with Apache Log4j 2.17.0. You can download the hotfix for your
DPA version in your Customer Portal at https://customerportal.solarwinds.com/.

For more information, please see the following KB article:
https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US.
As the Apache Software Foundation continues to update Log4j, SolarWinds will
examine compatibility with DPA and will update this article accordingly.

This issue affects DPA customers running the following versions, as earlier
versions of DPA are based on an older version of Log4j without this issue:



 * DPA 2021.1.x
 * DPA 2021.3.x
 * DPA 2022.1 RC1

As a best practice, SolarWinds always recommends you ensure your environment is
appropriately configured and utilizes the DPA Secure Configuration Guide: Best
Practices and Recommendations, available at:
https://support.solarwinds.com/SuccessCenter/s/article/DPA-Secure-Configuration-Guide-Best-Practices-and-Recommendations.

What actions should I take?

SolarWinds recommends its customers upgrade to the latest versions of these
products once they become generally available. SolarWinds also always recommends
implementing the safeguards in the Secure Configuration for the Orion Platform
guide available at:
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm.

Is the Orion Platform code affected?

No, the Orion Platform core is not affected and does not utilize Apache Log4j.

I’ve heard about a new vulnerability with JMSAppender – is SolarWinds affected
by this vulnerability?

SolarWinds products do not use JMSAppender, and are not known to be affected by
the vulnerability identified in CVE-2021-4104.

Is there any additional information available?

Please refer to the following resources:

Cybersecurity & Infrastructure Security Agency (CISA) guidance:

 * Mitigating Log4Shell and Other Log4j-Related Vulnerabilities (published
   December 22, 2021):
   https://www.cisa.gov/uscert/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities
 * Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability (issued
   December 17, 2021): https://www.cisa.gov/emergency-directive-22-02
 * CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j
   Vulnerabilities (published December 17, 2021):
   https://www.cisa.gov/uscert/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache
 * Apache Log4j Vulnerability Guidance page (published December 15, 2021):
   https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
 * CISA Log4j (CVE-2021-44228) Vulnerability Guidance GitHub repository (created
   December 14, 2021): https://github.com/cisagov/log4j-affected-db
 * Statement from CISA Director Easterly on “Log4j” Vulnerability (published
   December 11, 2021):
   https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
 * Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability
   Under Exploitation (published December 10, 2021):
   https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

The Apache Foundation guidance:

 * Apache Log4j Security Vulnerabilities:
   https://logging.apache.org/log4j/2.x/security.html

Disclaimer
Please note, any content posted herein is provided as a suggestion or
recommendation to you for your internal use. This is not part of the SolarWinds
software or documentation that you purchased from SolarWinds, and the
information set forth herein may come from third parties. Your organization
should internally review and assess to what extent, if any, such custom scripts,
or recommendations will be incorporated into your environment. You elect to use
third-party content at your own risk, and you will be solely responsible for the
incorporation of the same if any.

Revisions

Version, Revision Date: Description

 * 1.8, December 23, 2021: Updated with Database Performance Analyzer hotfix,
   updated FAQ information. These are informational changes only.
 * 1.7, December 20, 2021: Updated with Server & Application Monitor hotfix,
   updated FAQ information. These are informational changes only.
 * 1.6, December 18, 2021: Updated FAQ information. These are informational
   changes only.
 * 1.5, December 17, 2021: Updated with Database Performance Analyzer hotfix,
   new CISA Emergency Directive 22-02, new SolarWinds security advisory for
   CVE-2021-4104.
 * 1.4, December 16, 2021: Notice added. Updated FAQ information. These are
   informational changes only.
 * 1.3, December 13, 2021: Updated FAQ information. Added RSS feed
   instructions. These are informational changes only.
 * 1.2, December 12, 2021: Added KB article links. This is an informational
   change only.
 * 1.1, December 12, 2021: Updated FAQ information. This is an informational
   change only.
 * 1.0, December 12, 2021: Information Published




ADVISORY DETAILS

 * Severity: 10.0 Critical
 * Advisory ID: CVE-2021-44228
 * First published: 12/12/2021
 * Last updated: 12/23/2021
