PowerPath: Apache Log4j Remote Code Execution Vulnerability CVE-2021-44228
Summary: PowerPath: Impact of Apache Log4j Remote Code Execution Vulnerability CVE-2021-44228 on PowerPath products
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
On December 10, 2021, a critical remote code vulnerability was published in the Apache Log4j library.
Cause
Resolution
The flaw does not exist and is not applicable for any PowerPath products.
For PowerPath:
PowerPath does not use log4j in any version/platform
For PowerPath Management Appliance (PPMA):
PPMA uses slf4j abstraction for logging and underlying implementation is log4j (log4j12-1.7.5). As log4j 1.x does not offer a look up mechanism, it does not suffer from CVE-2021-44228.
http://slf4j.org/log4shell.html{}
PPMA also bundles the log4j-1.2.15 package provided by SUSE(SLES12SP5) and this package is not impacted by CVE-2021-44228
SUSE Statement:
https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/
For PowerPath:
PowerPath does not use log4j in any version/platform
For PowerPath Management Appliance (PPMA):
PPMA uses slf4j abstraction for logging and underlying implementation is log4j (log4j12-1.7.5). As log4j 1.x does not offer a look up mechanism, it does not suffer from CVE-2021-44228.
http://slf4j.org/log4shell.html{}
PPMA also bundles the log4j-1.2.15 package provided by SUSE(SLES12SP5) and this package is not impacted by CVE-2021-44228
SUSE Statement:
https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/
Additional Information
Refer to the KB: 000194414 for details on all the Dell EMC products related to this vulnerability.
Affected Products
PowerPathArticle Properties
Article Number: 000194568
Article Type: Solution
Last Modified: 26 Aug 2022
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.