Article Number: 000194928
Security KB
CVE-2021-44228
This article provides a list of security vulnerabilities that cannot be exploited on CloudLink, all versions, but which may be flagged by security scanners.
The vulnerabilities listed in the table below are in order by the date on which CloudLink Engineering determined that CloudLink, all versions, was not vulnerable.
Third Party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
Apache Log4j |
CVE-2021-44228 |
It is remotely exploitable without authentication, for example, may be exploited over a network without the need for a username and password. |
CloudLink uses log4j-1.2.17. Log4j 1.x does not have JNDI lookup feature. Log4j 1.x JMSAppender code using JNDI API, but this appender is not configured in CloudLink. |
December 13, 2021 |
CloudLink SecureVM, CloudLink
Product Security Information
04 Jan 2022
1
Security KB