CloudLink: Apache Log4J vulnerability CVE-2021-44228
Summary: This article provides a list of security vulnerabilities that cannot be exploited on CloudLink, all versions, but which may be flagged by security scanners.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Security Article Type
Security KB
CVE Identifier
CVE-2021-44228
Issue Summary
This article provides a list of security vulnerabilities that cannot be exploited on CloudLink, all versions, but which may be flagged by security scanners.
Details
The vulnerabilities listed in the table below are in order by the date on which CloudLink Engineering determined that CloudLink, all versions, was not vulnerable.
| Third Party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Apache Log4j |
CVE-2021-44228 |
It is remotely exploitable without authentication, for example, may be exploited over a network without the need for a username and password. |
CloudLink uses log4j-1.2.17. Log4j 1.x does not have JNDI lookup feature. Log4j 1.x JMSAppender code using JNDI API, but this appender is not configured in CloudLink. |
December 13, 2021 |
Recommendations
None
Legal Disclaimer
Affected Products
CloudLink SecureVM, CloudLinkProducts
Product Security InformationArticle Properties
Article Number: 000194928
Article Type: Security KB
Last Modified: 04 Jan 2022
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.