[Bezpečnostní varování] - Chyba zabezpečení v knihovně Apache Log4j
Napsal: 14 pro 2021, 12:30
Vulnerability in Apache Log4j Library
Release date: December 14, 2021
Security ID: QSA-21-58
CVE identifier: CVE-2021-44228
Affected products: QNAP NAS running certain applications
Status: Investigating
Summary
A vulnerability has been reported to affect the Apache Log4j Java logging library. If exploited, this vulnerability allows attackers to execute arbitrary code. The vulnerability was disclosed on December 9, 2021:
- CVE-2021-44228: Apache Log4j 2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints
We have determined that the QTS and QuTS hero operating systems are not affected.
For applications which depend on Java Runtime Environment, our current findings are as follows.
Celý článek: https://www.qnap.com/cs-cz/security-advisory/qsa-21-58
Release date: December 14, 2021
Security ID: QSA-21-58
CVE identifier: CVE-2021-44228
Affected products: QNAP NAS running certain applications
Status: Investigating
Summary
A vulnerability has been reported to affect the Apache Log4j Java logging library. If exploited, this vulnerability allows attackers to execute arbitrary code. The vulnerability was disclosed on December 9, 2021:
- CVE-2021-44228: Apache Log4j 2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints
We have determined that the QTS and QuTS hero operating systems are not affected.
For applications which depend on Java Runtime Environment, our current findings are as follows.
Celý článek: https://www.qnap.com/cs-cz/security-advisory/qsa-21-58