Announcements for Version 2021.10.2

Security Advisory for Apache Log4j 2 (CVE-2021-44228)

Black Duck is aware of the security issue in the open-source Apache Log4j 2 Java library, dubbed Log4Shell (or LogJam), which was disclosed publicly via the project’s GitHub on December 9, 2021. The vulnerability allows unauthenticated remote code execution and impacts Apache Log4j 2 versions 2.0 to 2.14.1. For more information, see the official CVE posting.

Based on what we know at this time, we believe that there is limited exposure to Black Duck’s products, services and systems. To the extent we have had exposure, we have remediated or are in the process of remediating the situation. Please continue monitoring our community page for further updates.

See also: https://www.blackduck.com/blog/zero-day-exploit-log4j-analysis.html