Update on Micro Focus Response to “Log4j” Vulnerability

December 15, 2021 Updates:

Micro Focus is taking immediate action regarding Common Vulnerabilities and Exposures CVE-2021-44228 and CVE-2021-45046.

CVE-2021-44228

Micro Focus is aware of the new guidance from Apache on the Apache Log4j vulnerability described in CVE-2021-44228 relating to newly discovered attack vectors. We are evaluating the impact on each of Micro Focus’ products in both SaaS and on-premises deployments and updating our response to address these newly discovered attacks. We will be issuing updated security bulletins to our customers to ensure there are appropriate options for fully remediating this vulnerability. For on-premises deployments, Micro Focus is issuing Security Bulletins on our product support portal with specific instructions on how to block the attack until the component is upgraded to the recommended current version.

CVE-2021-45046

A new zero-day vulnerability (CVE-2021-45046), involving the Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern, was reported for the Apache Log4j component on December 14, 2021. CVE-2021-45046 is a reported vulnerability in the Apache Log4j open-source component that allows a denial-of-service (DoS) attack and is rated Severity Level 3.7 out of 10. Micro Focus is taking immediate action to analyze, mitigate and remediate, as appropriate.

For more information and regular updates, please visit our Security Updates page.

This post was first published on the Micro Focus Blog website by seanhobrien.