Start a new topic

CVE-2021-44288 status

 

Hello


Are any versions of DBVis vulnerable to CVE-2021-44288, aka the "log4j RCE vulnerability"?


If so, please detail the versions and whether any mitigations or patches are available


Thanks,


Oliver


8 people have this question

Hi


DbVisualizer 9.2.4 and later

DbVisualizer uses the standard Java logging framework and not Log4j. While there are JDBC drivers that DbVisualizer communicates with that use Log4J, the exploit should not be visible in a DbVisualizer environment since it is not a server application. 


DbVisualizer 9.2.3 and earlier

We are in older versions of DbVisualizer using log4j 1.2.16 or older.  According to log4j information, applications using Log4j 1.x, are not impacted by CVE-2021-44228 other than when they use JNDI in their configuration. A separate CVE-2021-4104 was filed for this vulnerability. 


DbVisualizer 9.2.3 and earlier does not use JNDI in its configuration. I.e. DbVisualizer is not vulnerable to CVE-2021-4104.


I hope this answers what you are looking for. Sorry for the late response.


Regards / Peer


Echoing the earlier statement - Need an update on this and if this CVE impacts DbVis.

Any response from the DbVisualizer team on this?  It seems rather urgent.

Login or Signup to post a comment