Enterprise Storage Analytics for vRealize Operations: Apache Log4J vulnerability (CVE-2021-45105 and CVE-2021-44832)
Security Article Type: Security KB
CVE Identifier: CVE-2021-45105, CVE-2021-44832
Issue Summary
This article provides a list of security vulnerabilities that cannot be exploited in any version of Dell EMC Enterprise Storage Analytics for vRealize Operations, but which may be identified by security scanners.
Details
The vulnerabilities in the table below are listed in order of the date on which Dell EMC Enterprise Storage Analytics for vRealize Operations Engineering determined that all versions of Dell EMC Enterprise Storage Analytics for vRealize Operations were not vulnerable.

| Third-party Component | CVE IDs | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
|---|---|---|---|---|
| Log4j-2.16 | CVE-2021-45105 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This may allow an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. | The Dell EMC Enterprise Storage Analytics for vRealize Operations log configuration does not use context lookups (for example, ${ctx:loginId}) in the Log4j pattern layout. | 01/10/2022 |
| Log4j-2.16 | CVE-2021-44832 | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file may construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can run remote code. | The Dell EMC Enterprise Storage Analytics for vRealize Operations team confirmed that the JDBC Appender is not being used; in addition, the permission is handled by vROps, not ESA. | 01/10/2022 |
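The two "not vulnerable" reasons in the table are properties of the Log4j configuration, so they can be checked against a deployed file. The following is an added example, not Dell's or Apache's code: it assumes an XML-format Log4j2 configuration, the function names are hypothetical, and both sample configurations are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches Context Map lookups such as ${ctx:loginId} and $${ctx:loginId}.
CTX_LOOKUP = re.compile(r"\$+\{ctx:[^}]*\}")

def local_name(tag):
    """Element name without XML namespace, lower-cased for comparison."""
    return tag.rsplit("}", 1)[-1].lower()

def audit_log4j2_xml(xml_text):
    """Return (cve, element, evidence) tuples for the two preconditions."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        name = local_name(elem.tag)
        # CVE-2021-45105: context lookup in any attribute or element text
        # (conservative: not limited to PatternLayout).
        for value in list(elem.attrib.values()) + [elem.text or ""]:
            for hit in CTX_LOOKUP.findall(value):
                findings.append(("CVE-2021-45105", name, hit))
        # CVE-2021-44832: JDBC Appender, concise (<JDBC>) or strict (type="JDBC") form.
        if name == "jdbc" or elem.attrib.get("type", "").lower() == "jdbc":
            jndi = [c.attrib["jndiName"] for c in elem.iter() if "jndiName" in c.attrib]
            findings.append(("CVE-2021-44832", name, jndi[0] if jndi else "no jndiName"))
    return findings

# Constructed sample configurations (not taken from the product).
SAFE_CONFIG = """<Configuration>
  <Appenders>
    <Console name="out">
      <PatternLayout pattern="%d %X{loginId} %m%n"/>
    </Console>
  </Appenders>
</Configuration>"""

FLAGGED_CONFIG = """<Configuration>
  <Appenders>
    <Console name="out">
      <PatternLayout pattern="%d $${ctx:loginId} %m%n"/>
    </Console>
    <JDBC name="db" tableName="app_log">
      <DataSource jndiName="java:/comp/env/jdbc/LoggingDataSource"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
  </Appenders>
</Configuration>"""

if __name__ == "__main__":
    for label, cfg in (("safe", SAFE_CONFIG), ("flagged", FLAGGED_CONFIG)):
        print(label, audit_log4j2_xml(cfg))
```

An empty result supports the false-positive determination for that file only; it does not cover configurations supplied programmatically or in properties, JSON or YAML format.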
Affected Products
Enterprise Storage Analytics for vRealize Operations
Article Properties
Article Number: 000195086
Article Type: Security KB
Last Modified: 19 Sept 2025
Version: 3