Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

This post addresses inquiries about, and the impact of, CVE-2021-44228, a zero-day vulnerability identified in Log4j on Dec 9, 2021.

The Aginity Pro and Premium core applications do not use Log4j, but Log4j is part of the Elasticsearch service in both Pro and Premium. Because of the way Elasticsearch is implemented in our product, it is not susceptible to remote code execution. Further, Elasticsearch on its own is not susceptible to remote code execution through this vulnerability, due to its use of the Java Security Manager. When Elasticsearch makes version 7.16.1 available, which will remove the vulnerable Log4j component, we will upgrade to that version in our product.

We are actively monitoring this issue in case further response is required.
