Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31

ESA-2021-31 Advisory Updated

  • Jan 11, 2022 03:40 UTC - Update APM Java Agents advisory for CVE-2021-44832.

[Update Jan 11]
CVE-2021-44832 may be exploited in versions 1.27.0, 1.27.1, 1.28.0, and 1.28.1 if an attacker has access to create files within your application directory. Users should upgrade to APM Java Agent version 1.26.2 or 1.28.4, both of which include Log4j 2.12.4, which addresses CVE-2021-44832.

APM Java Agent versions 1.27.0, 1.27.1, 1.28.0, and 1.28.1 are susceptible to CVE-2021-44832 when used in an application where an attacker has access to create files within the application directory.

Solutions and Mitigations:
Users running affected versions should upgrade to the latest version (1.26.1, 1.26.2 or 1.28.3 or newer).
