Skip to main content

Hitachi
Contact UsContact Us

HIRT-PUB21001 : Apache Log4j Vulnerability

Last Update: January 04, 2022

1. Overview

Multiple vulnerabilities have been found in Apache Log4j.

CVE-2021-44832: Remote Code Execution Vulnerability
Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.

CVE-2021-45105: Denial of Service Vulnerability
Apache Log4j2 does not always protect from infinite recursion in lookup evaluation.

CVE-2021-45046: Code Execution Vulnerability
Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations.

CVE-2021-44228: Remote Code Execution Vulnerability
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints.

2. Hitachi Product Information

December 28, 2021

hitachi-sec-2021-225 : Security information Log4j for UPS products [Japanese]
hitachi-sec-2021-226 : Security information Log4j for Hitachi Enterprise Server EP8000 Series [Japanese]
hitachi-sec-2021-315 : Security information for Hitachi Disk Array Systems

December 17, 2021

hitachi-sec-2021-145 : Vulnerability in JP1/VERITAS
hitachi-sec-2021-146 : Vulnerability in Hitachi Device Manager, Hitachi Infrastructure Analytics Advisor, Hitachi Automation Director, Hitachi Ops Center Analyzer, Hitachi Ops Center Automator and Hitachi Ops Center Administrator
hitachi-sec-2021-147 : Vulnerability in Hitachi Storage Plug-in for VMware vCenter

December 14, 2021

Hitachi ID Systems : Log4j Threat Alert

December 10, 2021

Hitachi Vantara : Security Vulnerabilities in Apache Log4j Library (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105)

3. References

4. Update history

January 04, 2022
  • This webpage was newly created and published.

Masato Terada (HIRT) and Naoko Ohnishi (HIRT)

Related Links