Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000194928

CloudLink: Apache Log4J vulnerability CVE-2021-44228

Summary: This article provides a list of security vulnerabilities that cannot be exploited on CloudLink, all versions, but which may be flagged by security scanners.

Article Content

Security Article Type

Security KB

CVE Identifier

CVE-2021-44228

Issue Summary

This article provides a list of security vulnerabilities that cannot be exploited on CloudLink, all versions, but which may be flagged by security scanners.

Details

The vulnerabilities listed in the table below are in order by the date on which CloudLink Engineering determined that CloudLink, all versions, was not vulnerable.
 

Third Party  Component CVE ID Summary of Vulnerability Reason why Product is not Vulnerable Date Determined False Positive
Apache Log4j
 		 CVE-2021-44228
 		 It is remotely exploitable without authentication, for example, may be exploited over a network without the need for a username and password.
 		 CloudLink uses log4j-1.2.17.  Log4j 1.x does not have JNDI lookup feature. Log4j 1.x JMSAppender code using JNDI API, but this appender is not configured in CloudLink.
 		 December 13, 2021

Recommendations

None

Legal Information

Article Properties

Affected Product

CloudLink SecureVM, CloudLink

Product

Product Security Information

Last Published Date

04 Jan 2022

Version

1

Article Type

Security KB

Back to Top