Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

log4j2 vulnerability (CVE-2021-44228)

avatar
author-rank MorK
New Contributor

Created on ‎12-11-2021 11:35 PM - last edited on ‎12-13-2021 07:09 AM by Community Manager Community Manager

Hello,

 

I wanted to ask if there's a page / instructions / info regarding the recent log4j2 vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) and how it can affect Cloudera CDH setups? If it does affect, what are the recommended mitigations on it?

 

Thanks,

Mor

27,472 Views
0 Kudos
39 REPLIES 39

avatar
author-rank MartinTerreni
Explorer

Created ‎12-12-2021 01:41 AM

It is in deed an important question.

13,397 Views
0 Kudos

avatar
author-rank RajeshTripathy
New Contributor

Created ‎12-12-2021 01:33 PM

Following - Cloudera please provide recommendations as this is really urgent.

13,324 Views
0 Kudos

avatar
author-rank Shahrukh
Contributor

Created ‎12-12-2021 07:26 PM

Please go through below apache docs, its might help 

 

https://logging.apache.org/log4j/2.x/manual/migration.html

13,216 Views
0 Kudos

avatar
author-rank mclaren
New Contributor

Created ‎12-24-2021 12:05 AM

I upgraded log4j to 2.17 0, but the following error occurred when restarting hiveserver2:

 

微信图片_20211224160407.png

9,057 Views
0 Kudos

avatar
author-rank Hanumantha
Explorer

Created ‎12-12-2021 11:30 PM

Hi All,

 

Is there any impact of CVE-2021-44228 - log4j Arbitrary RCE on CDH 5.x and 6.x??

 

Regards,

Hanu

12,964 Views
0 Kudos

avatar
author-rank cjervis author-rank
Community Manager

Created ‎12-13-2021 05:59 AM

Cloudera platform security teams are actively assessing the impact to our on-premises and cloud  products and will provide an impact analysis update to customers as soon as possible.


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
12,800 Views

avatar
author-rank sri840
Explorer

Created ‎12-13-2021 01:41 AM

Hi Team,

 

Currenlty in our organization we are using Cloudera 6.3.1 express edition, recently our company security team came up with log4j CVE-2021-44228  vulnerable, Could you please suggest due to this any problem for cloudera ? 

 

Thanks

Srikanth

12,833 Views
0 Kudos

avatar
author-rank ThomasHopewell
Contributor

Created ‎12-13-2021 02:04 AM

I second this question. I currently administer a CDH 5.16 cluster that we're in the process of upgrading to CDP 7.x. Is there a statement from cloudera about the extent of the vulnerablility in their products and how we can go about patching it?

12,824 Views
0 Kudos

avatar
author-rank sri840
Explorer

Created ‎12-13-2021 02:19 AM

Hi Thomas 

 

Could you please refer to below url , this statement came from apache, but not from Cloudera. 

 

 

https://logging.apache.org/log4j/2.x/security.html

 

Thanks

Srikanth

12,817 Views
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements