How do I Mitigate LOG4J CVE on Elasticsearch 7.4.0?

kashahyah · December 7, 2022, 1:19am

I have a 3-node ELK cluster in linux. Carbon Black scan picked up some vulnerable jar files. Should I:

system · December 7, 2022, 1:19am

Elasticsearch 7.4 is EOL and no longer supported. Please upgrade ASAP.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

stephenb · December 7, 2022, 1:36am

Please Refer to the Official Thread on this.

system · January 4, 2023, 1:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Does Log4j vulnerability (CVE-2021-44228) is impacted for ES v7.5.2? Elasticsearch	2	1268	January 17, 2022
Log4j CVE-2021-44832 (released 28th dec) - is ES vulnerable? Elasticsearch	10	6637	February 7, 2022
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 Security Announcements	7	347381	November 4, 2022
When will the next patch be released for Elasticsearch Elasticsearch	8	1624	January 17, 2022
Log4j Vulnerability Elasticsearch 7.8.0 Elasticsearch	8	766	July 4, 2023