Hi Anchit Parmar, you should have addressed this mail to one of the mailing lists, therefore I'm forwarding this to [email protected]. You should probably subscribe to receive responses. You can also poll the mail archives if you do not wish to subscribe.
At this point I would like to point you to the log4j website. Everything related to security vulnerabilities against log4j 2.x is actually documented here: https://logging.apache.org/log4j/2.x/security.html Please do not hesitate to contact [email protected] should there be anything missing or could be improved. Warm regards, Dominik ---------- Forwarded message --------- From: anchit parmar <[email protected]> Date: Thu, 20 Jan 2022 at 10:12 Subject: Is Log4j 2.12.4 vulnerable To: <[email protected]> Dear Sir, Request you to please clarify our doubt if log4j 2.12.4 is vulnerable to following CVE’s 1) *CVE-2021-45105* <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105> 2) *CVE-2021-45046 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>* 3) *CVE-2021-44228* <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228> Or please suggest a communication mail or medium from where we can clarify the doubt. Warm Regards, Anchit Parmar Team Lead – Vulnerability Management & Penetration Testing Practice Information Security Department IDBI Intech Limited , IDBI Bank Building, Plot No. 39-41, Sector-11, CBD Belapur, Navi Mumbai – 400 614 . Cell- 8779522843 Disclaimer: This e-mail contains privileged information or information belonging to IDBI Intech Ltd and is intended solely for the addressee/s. Access to this email by anyone else is unauthorized. Any copying (whole or partial) or further distribution beyond the original recipient is not intended, and may be unlawful. The recipient acknowledges that IDBI Intech Ltd is unable to exercise control or ensure or guarantee the integrity of the contents of the information contained in e-mail transmissions and further acknowledges that any views expressed in this message are those of the individual sender and are not binding on IDBI Intech Ltd. E-mails are susceptible to alteration and their integrity cannot be guaranteed. IDBI Intech Ltd does not accept any liability for any damages caused on account of this e-mail. If you have received this email in error, please contact the sender and delete the material from your computer. -- Dominik Psenner
