CVE-2021-45105 and CVE-2020-9488 vulnerabilities with java apm agent 1.28.4

felixbarny · January 19, 2022, 7:10am

Log4j 2.12.4, which is used in the Elastic APM Java Agent 1.28.4 addresses these vulnerabilities.

See also Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 and Log4j – Apache Log4j Security Vulnerabilities.

If your vulnerability scanner doesn't detect that Log4j 2.12.4/Elastic APM Java Agent 1.28.4 contains fixes to these CVEs, please get in touch with the vendor of this scanner so that they can update their policies.

Topic		Replies	Views
Elastic-apm-agent-1.33.0.jar flagged by security scan APM java	5	449	March 24, 2023
CVE-2020-9488 vulnerabilities with java apm agent 1.34.1 APM java	2	1746	December 7, 2022
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 Security Announcements	7	347597	November 4, 2022
Java Apm Agent - Spring4Shell APM java	3	617	April 25, 2022
Remedy for CVE-2018-8088 in elastic-apm-agent-1.21.0.jar? APM java	3	523	March 12, 2021

CVE-2021-45105 and CVE-2020-9488 vulnerabilities with java apm agent 1.28.4

Related topics