CVE-2021-45105 for ELK 7.10.2

Hi

Pertaining to 44228, we have deleted the vulnerable class as per ELK suggestion. For this new 45105, do we need to take any action ? I read default Elasticsearch, logstash, Kibana 7.10.2 are not vulnerable. Is that fine?

Welcome to our community! :smiley:

Please see Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 for the full details.

Thank you. Im getting confused on there only

It says ELK not vulnerable due to this. But still there is release from ELK to mitigate the same. So my question , is upgrade neccessary to mitigate 45105

I would upgrade anyway, so that you are totally safe as we updated the underlying packages with the issue. It'll stop any false positives if you run scans, and you can safely say you have no deployments of the impacted package as well.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.