mhatcb
Contributor
Contributor

Log4j log insight usage in v4.7

Hello

I was looking to patch LogInsight following the article https://kb.vmware.com/s/article/87089 and noted it was only for v8.2-8.6.

We are running a legacy version (v4.7) which we cannot immediately upgrade. Does anyone know if the log4j vulnerability is an issue for this older version of LI?

Thanks in advance

Reply
0 Kudos
Cederberg
Enthusiast
Enthusiast

Hello.

According to to updated KB you are linking to 4.X, 8.0 and 8.1 are not affected by log4j CVE-2021-44228 and CVE-2021-45046.

https://kb.vmware.com/s/article/87089 Updated today with the above information

Reply
0 Kudos
mhatcb
Contributor
Contributor

Thanks for the clarification. I can now see that update which explicitly states the older versions are not affected.

Thanks again

Reply
0 Kudos