Please return to this posting for the most up-to-date information. Current customers can file support tickets through standard channels for specific guidance.

Supplemental Security Advisory for Splunk Apps

A supplemental security advisory for Splunk Apps was published on December 14 and is being updated on an ongoing basis.

Splunk also reviewed a Denial of Service Vulnerability (CVE-2021-45105) found in Log4j version 2.16.0. Apache has designated this vulnerability a severity rating of 7.5 (High). Per Apache’s advisory, specific non-default configuration parameters need to be present to exploit this vulnerability. Splunk has evaluated where these configuration parameters may exist within our product portfolio, and we have updated the table below accordingly.

Splunk is additionally reviewing a Remote Code Execution Vulnerability (CVE-2021-44832) found in Log4j version 2.17.0. Apache has designated this vulnerability a severity rating of 6.6 (Moderate). Per Apache’s advisory, permission must be granted to the underlying configuration files, and a malicious configuration needs to be created, to exploit this vulnerability.

Unless CVE-2021-45105 or CVE-2021-44832 increase in severity, Splunk will address these vulnerabilities as part of the next regular maintenance release of each affected product.