
ISE 3.0 Patch 5, does it require log4j hotfix?


Hi all


Basically the title says it all. Does ISE 3.0 Patch 5 still require the Log4j Hotfix? I'm asking because the release notes state CSCwa47133 as fixed, but neither the hotfix notes nor the bug notes have been updated in regards to Patch 5.





As far as I know, yes, it is required to patch.



Thanks for your replies. Then it's not really nice that this Bug is listed as resolved with P5. 


 - Indeed, but I too am near-sure that it (still) needs to be applied in your case (too). Of course one could look for exploit examples with the searching powers of the Net, but that would indeed require some additional effort.


Also using exploits might damage the appliance, if still vulnerable. But I hope for the best that P5 indeed includes the patch (it was released some 3-4 months after the log4j patch). 


 - That's a dilemma indeed, I don't want to be the always Mr. Right person. But here there are solutions too, such as importing or migrating/mapping an appliance to a virtual (VM) copy and testing on a kind of isolated network. All that of course depends on how strong the security requirements for the particular intranet are.

         - Or even installing a virgin ISE node with the particular ISE-version and testing on it.



Hi @patoberli ,

Please take a look at: CSCwa47133 ISE Evaluation log4j CVE-2021-44228. ISE 3.0 P5 is a Known Fixed Release.


Also take a look at ISE 3.0 Release Notes.

IMO you are good and don't need to install the hotfix.


Hope this helps !!!
