Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-20349

log4j in Java Gateway

    XMLWordPrintable

Details

    • Defect (Security)
    • Status: Closed
    • Major
    • Resolution: Won't fix
    • None
    • None
    • Java gateway (J)
    • Team A
    • Sprint 83 (Dec 2021)

    Description

      A newly revealed vulnerability impacting Apache Log4j 2 versions 2.0 to 2.14.1 was disclosed on GitHub on 9.Dec.2021 and registered as CVE-2021-44228 with the highest severity rating. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. By utilizing this vulnerability, an attacker could take control of an affected system remotely. There is already information that attackers are actively engaged in mass Internet scanning to identify services vulnerable to exploitation.

      Please check if we use log4j in Java Gateway. If so, does the logging configuration contain org.apache.log4j.net.JMSAppender parameter? 

      Attachments

        Activity

          People

            zabbix.support Zabbix Support Team
            amitrofanov Alexey Mitrofanov
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: