Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

log4j2 vulnerability (CVE-2021-44228)

avatar
author-rank MorK
New Contributor

Created on ‎12-11-2021 11:35 PM - last edited on ‎12-13-2021 07:09 AM by Community Manager Community Manager

Hello,

 

I wanted to ask if there's a page / instructions / info regarding the recent log4j2 vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) and how it can affect Cloudera CDH setups? If it does affect, what are the recommended mitigations on it?

 

Thanks,

Mor

30,197 Views
0 Kudos
0
39 REPLIES 39

avatar
author-rank MartinTerreni
Explorer

Created ‎12-12-2021 01:41 AM

It is in deed an important question.

14,152 Views
0 Kudos

avatar
author-rank RajeshTripathy
New Contributor

Created ‎12-12-2021 01:33 PM

Following - Cloudera please provide recommendations as this is really urgent.

14,079 Views
0 Kudos

avatar
author-rank Shahrukh
Contributor

Created ‎12-12-2021 07:26 PM

Please go through below apache docs, its might help 

 

https://logging.apache.org/log4j/2.x/manual/migration.html

13,971 Views
0 Kudos

avatar
author-rank mclaren
New Contributor

Created ‎12-24-2021 12:05 AM

I upgraded log4j to 2.17 0, but the following error occurred when restarting hiveserver2:

 

微信图片_20211224160407.png

9,812 Views
0 Kudos

avatar
author-rank Hanumantha
Explorer

Created ‎12-12-2021 11:30 PM

Hi All,

 

Is there any impact of CVE-2021-44228 - log4j Arbitrary RCE on CDH 5.x and 6.x??

 

Regards,

Hanu

13,719 Views
0 Kudos

avatar
author-rank cjervis author-rank
Community Manager

Created ‎12-13-2021 05:59 AM

Cloudera platform security teams are actively assessing the impact to our on-premises and cloud  products and will provide an impact analysis update to customers as soon as possible.


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
13,555 Views

avatar
author-rank sri840
Explorer

Created ‎12-13-2021 01:41 AM

Hi Team,

 

Currenlty in our organization we are using Cloudera 6.3.1 express edition, recently our company security team came up with log4j CVE-2021-44228  vulnerable, Could you please suggest due to this any problem for cloudera ? 

 

Thanks

Srikanth

13,588 Views
0 Kudos

avatar
author-rank ThomasHopewell
Contributor

Created ‎12-13-2021 02:04 AM

I second this question. I currently administer a CDH 5.16 cluster that we're in the process of upgrading to CDP 7.x. Is there a statement from cloudera about the extent of the vulnerablility in their products and how we can go about patching it?

13,579 Views
0 Kudos

avatar
author-rank sri840
Explorer

Created ‎12-13-2021 02:19 AM

Hi Thomas 

 

Could you please refer to below url , this statement came from apache, but not from Cloudera. 

 

 

https://logging.apache.org/log4j/2.x/security.html

 

Thanks

Srikanth

13,572 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements