How do I Mitigate LOG4J CVE on Elasticsearch 7.4.0?

kashahyah · December 7, 2022, 1:19am

I have a 3-node ELK cluster in linux. Carbon Black scan picked up some vulnerable jar files. Should I:

system · December 7, 2022, 1:19am

Elasticsearch 7.4 is EOL and no longer supported. Please upgrade ASAP.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

stephenb · December 7, 2022, 1:36am

Please Refer to the Official Thread on this.

system · January 4, 2023, 1:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Does Log4j vulnerability (CVE-2021-44228) is impacted for ES v7.5.2? Elasticsearch	2	1269	January 17, 2022
Log4j CVE-2021-44832 (released 28th dec) - is ES vulnerable? Elasticsearch	10	6648	February 7, 2022
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 Security Announcements	7	347684	November 4, 2022
When will the next patch be released for Elasticsearch Elasticsearch	8	1628	January 17, 2022
Log4j Vulnerability Elasticsearch 7.8.0 Elasticsearch	8	772	July 4, 2023