
SECURITY BULLETIN – Release Control CVE-2021-44228 and CVE-2021-45046 vulnerability



ID:    S143607
Published:    13 December 2021
Updated:    17 December 2021

Operating System(s)

  • All Windows

Product(s)

  • Release Control
 

Description

Potential Security Impact: remote code execution

VULNERABILITY SUMMARY

A potential vulnerability has been identified in the Apache log4j library used by the SBM platform. Because Release Control runs on top of the SBM platform, this also impacts Release Control.

The vulnerability could be exploited to allow remote code execution.

CVE References: CVE-2021-45046, CVE-2021-44228

SUPPORTED SOFTWARE VERSIONS (ONLY impacted versions are listed):

Release Control – 5.x, 6.0.x, 6.1.x, 6.2.x (for earlier versions of Release Control, contact Technical Support)

CVSS Version 3.1 Metrics:

Reference         V3.1 Vector                                     V3.1 Base Score
CVE-2021-44228    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H    10.0 CRITICAL
CVE-2021-45046    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L    3.7 LOW

Resolution

The full Micro Focus statement on the Log4j Vulnerability is available on the Product Security Response Center.

To mitigate this vulnerability in the SBM platform, follow the steps provided in KB S143605.

For the latest mitigation guidance from Apache, please refer to https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44228

