Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

log4j2 vulnerability (CVE-2021-44228)

avatar
author-rank MorK
New Contributor

Created on ‎12-11-2021 11:35 PM - last edited on ‎12-13-2021 07:09 AM by Community Manager Community Manager

Hello,

 

I wanted to ask if there's a page / instructions / info regarding the recent log4j2 vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) and how it can affect Cloudera CDH setups? If it does affect, what are the recommended mitigations on it?

 

Thanks,

Mor

23,078 Views
0 Kudos
39 REPLIES 39

avatar
author-rank MartinTerreni
Explorer

Created ‎12-12-2021 01:41 AM

It is in deed an important question.

12,136 Views
0 Kudos

avatar
author-rank RajeshTripathy
New Contributor

Created ‎12-12-2021 01:33 PM

Following - Cloudera please provide recommendations as this is really urgent.

12,063 Views
0 Kudos

avatar
author-rank Shahrukh
Contributor

Created ‎12-12-2021 07:26 PM

Please go through below apache docs, its might help 

 

https://logging.apache.org/log4j/2.x/manual/migration.html

11,955 Views
0 Kudos

avatar
author-rank mclaren
New Contributor

Created ‎12-24-2021 12:05 AM

I upgraded log4j to 2.17 0, but the following error occurred when restarting hiveserver2:

 

微信图片_20211224160407.png

7,796 Views
0 Kudos

avatar
author-rank Hanumantha
Explorer

Created ‎12-12-2021 11:30 PM

Hi All,

 

Is there any impact of CVE-2021-44228 - log4j Arbitrary RCE on CDH 5.x and 6.x??

 

Regards,

Hanu

11,703 Views
0 Kudos

avatar
author-rank cjervis author-rank
Community Manager

Created ‎12-13-2021 05:59 AM

Cloudera platform security teams are actively assessing the impact to our on-premises and cloud  products and will provide an impact analysis update to customers as soon as possible.


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
11,539 Views

avatar
author-rank sri840
Explorer

Created ‎12-13-2021 01:41 AM

Hi Team,

 

Currenlty in our organization we are using Cloudera 6.3.1 express edition, recently our company security team came up with log4j CVE-2021-44228  vulnerable, Could you please suggest due to this any problem for cloudera ? 

 

Thanks

Srikanth

11,572 Views
0 Kudos

avatar
author-rank ThomasHopewell
Contributor

Created ‎12-13-2021 02:04 AM

I second this question. I currently administer a CDH 5.16 cluster that we're in the process of upgrading to CDP 7.x. Is there a statement from cloudera about the extent of the vulnerablility in their products and how we can go about patching it?

11,563 Views
0 Kudos

avatar
author-rank sri840
Explorer

Created ‎12-13-2021 02:19 AM

Hi Thomas 

 

Could you please refer to below url , this statement came from apache, but not from Cloudera. 

 

 

https://logging.apache.org/log4j/2.x/security.html

 

Thanks

Srikanth

11,556 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements