CSCwa46963 - Security: CVE-2021-44228 -> Log4j 2 Vulnerability

k.pertzborn · ‎12-14-2021

What das Release 6.6.0 mean exactly?

All releases beginning with 6.6. or especially only the release 6.6.0 an 6.6.1 is not affected, for example?

Regards and thanks in advance

CYKmb · ‎12-14-2021

Cisco lists zero fixed releases, so at this point you can probably assume ALL versions are affected.

Leo Laohoo · ‎12-15-2021

@CYKmb wrote:

Cisco lists zero fixed releases

Check the Vulnerability in Apache Log4j Library Affecting Cisco Products security bulletin because is it regularly updated. The Vulnerable Products list now contain Fixed Release Availability column.

CYKmb · ‎12-16-2021

Check the Vulnerability in Apache Log4j Library Affecting Cisco Products security bulletin because is it regularly updated. The Vulnerable Products list now contain Fixed Release Availability column.

That still shows ZERO fixed releases.

Leo Laohoo · ‎12-16-2021

I have provided two links to this security vulnerability. I strongly recommend focusing on them instead of the contents in the Bug ID. Why? Because Bug IDs do not get updated regularly (the security bulletin gets updated three times daily).

Leo Laohoo · ‎12-14-2021

yleduc · ‎12-15-2021

the bug id is no longer accessible, also some of the site behaviour has changed.

CYKmb · ‎12-16-2021

I have seen some problems with the bug reporting tool, but I can still reach the bug here https://tools.cisco.com/bugsearch/bug/CSCwa46963. You may need to clear your browser cache, restart your browser or try a private/incognito browsing session.