Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

log4j2 vulnerability (CVE-2021-44228)

avatar
author-rank MorK
New Contributor

Created on ‎12-11-2021 11:35 PM - last edited on ‎12-13-2021 07:09 AM by Community Manager Community Manager

Hello,

 

I wanted to ask if there's a page / instructions / info regarding the recent log4j2 vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) and how it can affect Cloudera CDH setups? If it does affect, what are the recommended mitigations on it?

 

Thanks,

Mor

27,716 Views
0 Kudos
39 REPLIES 39

avatar
author-rank MartinTerreni
Explorer

Created ‎12-12-2021 01:41 AM

It is in deed an important question.

13,466 Views
0 Kudos

avatar
author-rank RajeshTripathy
New Contributor

Created ‎12-12-2021 01:33 PM

Following - Cloudera please provide recommendations as this is really urgent.

13,393 Views
0 Kudos

avatar
author-rank Shahrukh
Contributor

Created ‎12-12-2021 07:26 PM

Please go through below apache docs, its might help 

 

https://logging.apache.org/log4j/2.x/manual/migration.html

13,285 Views
0 Kudos

avatar
author-rank mclaren
New Contributor

Created ‎12-24-2021 12:05 AM

I upgraded log4j to 2.17 0, but the following error occurred when restarting hiveserver2:

 

微信图片_20211224160407.png

9,126 Views
0 Kudos

avatar
author-rank Hanumantha
Explorer

Created ‎12-12-2021 11:30 PM

Hi All,

 

Is there any impact of CVE-2021-44228 - log4j Arbitrary RCE on CDH 5.x and 6.x??

 

Regards,

Hanu

13,033 Views
0 Kudos

avatar
author-rank cjervis author-rank
Community Manager

Created ‎12-13-2021 05:59 AM

Cloudera platform security teams are actively assessing the impact to our on-premises and cloud  products and will provide an impact analysis update to customers as soon as possible.


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
12,869 Views

avatar
author-rank sri840
Explorer

Created ‎12-13-2021 01:41 AM

Hi Team,

 

Currenlty in our organization we are using Cloudera 6.3.1 express edition, recently our company security team came up with log4j CVE-2021-44228  vulnerable, Could you please suggest due to this any problem for cloudera ? 

 

Thanks

Srikanth

12,902 Views
0 Kudos

avatar
author-rank ThomasHopewell
Contributor

Created ‎12-13-2021 02:04 AM

I second this question. I currently administer a CDH 5.16 cluster that we're in the process of upgrading to CDP 7.x. Is there a statement from cloudera about the extent of the vulnerablility in their products and how we can go about patching it?

12,893 Views
0 Kudos

avatar
author-rank sri840
Explorer

Created ‎12-13-2021 02:19 AM

Hi Thomas 

 

Could you please refer to below url , this statement came from apache, but not from Cloudera. 

 

 

https://logging.apache.org/log4j/2.x/security.html

 

Thanks

Srikanth

12,886 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements