Hi Anchit Parmar, you should have addressed this mail to one of the mailing lists, therefore I'm forwarding this to log4j-user@logging.apache.org. You should probably subscribe to receive responses. You can also poll the mail archives if you do not wish to subscribe.
At this point I would like to point you to the log4j website. Everything related to security vulnerabilities against log4j 2.x is actually documented here: https://logging.apache.org/log4j/2.x/security.html Please do not hesitate to contact d...@logging.apache.org should there be anything missing or could be improved. Warm regards, Dominik ---------- Forwarded message --------- From: anchit parmar <anchit.par...@idbiintech.com> Date: Thu, 20 Jan 2022 at 10:12 Subject: Is Log4j 2.12.4 vulnerable To: <log4j-user-ow...@logging.apache.org> Dear Sir, Request you to please clarify our doubt if log4j 2.12.4 is vulnerable to following CVE’s 1) *CVE-2021-45105* <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105> 2) *CVE-2021-45046 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>* 3) *CVE-2021-44228* <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228> Or please suggest a communication mail or medium from where we can clarify the doubt. Warm Regards, Anchit Parmar Team Lead – Vulnerability Management & Penetration Testing Practice Information Security Department IDBI Intech Limited , IDBI Bank Building, Plot No. 39-41, Sector-11, CBD Belapur, Navi Mumbai – 400 614 . Cell- 8779522843 Disclaimer: This e-mail contains privileged information or information belonging to IDBI Intech Ltd and is intended solely for the addressee/s. Access to this email by anyone else is unauthorized. Any copying (whole or partial) or further distribution beyond the original recipient is not intended, and may be unlawful. The recipient acknowledges that IDBI Intech Ltd is unable to exercise control or ensure or guarantee the integrity of the contents of the information contained in e-mail transmissions and further acknowledges that any views expressed in this message are those of the individual sender and are not binding on IDBI Intech Ltd. E-mails are susceptible to alteration and their integrity cannot be guaranteed. IDBI Intech Ltd does not accept any liability for any damages caused on account of this e-mail. If you have received this email in error, please contact the sender and delete the material from your computer. -- Dominik Psenner
