You can translate the question and the replies:

About Log4J zero-day vulnerability

Greetings here. I've been trying to find whether or not Denodo is affected by CVE-2021-44228 https://nvd.nist.gov/vuln/detail/CVE-2021-44228 but i could not find anything. Can anybody here please confirm if that's the case, if you are looking into it and if so, what tmelines do you consider? Thanks! Leonel A
user
13-12-2021 07:11:59 -0500
code

2 Answers

Hi, Denodo uses an Apache Log4j2 version which is affected by the vulnerability. To mitigate the issue, please add the following property to the JVM options of all Denodo servers: -Dlog4j2.formatMsgNoLookups=true The Configuration of the JVM Parameters from the Command Line User Guide for [Virtual DataPort](https://community.denodo.com/docs/html/browse/8.0/en/platform/installation/denodo_platform_control_center/configuration_of_the_jvm_parameters_from_the_command_line/configuration_of_the_jvm_parameters_from_the_command_line) and [Solution Manager](https://community.denodo.com/docs/html/browse/8.0/en/solution_manager/installation/denodo_platform_control_center/configuration_of_the_jvm_parameters_from_the_command_line/configuration_of_the_jvm_parameters_from_the_command_line) explain how this can be done. After adding the property to java.env.DENODO_OPTS_START of all Denodo tools and servers, running the regenerateFiles script, and restarting all servers, the vulnerability is no longer exploitable. If you have a valid support account, you can open a support case for more information. Hope this helps!
Denodo Team
13-12-2021 12:38:58 -0500
code
Hi, There is now a [Denodo and Apache Log4J RCE Vulnerability](https://community.denodo.com/kb/files/Denodo%20and%20Apache%20log4J%20RCE%20Vulnerability.pdf) knowledge base article which gives a more detailed description of the vulnerability, steps to fix it, and plans to solve the issue in Denodo. Hope this helps!
Denodo Team
13-12-2021 16:55:10 -0500
code
You must sign in to add an answer. If you do not have an account, you can register here