Print Email PDF

Apache Log4j CVE and Qumulo


This article explains the Apache Log4j CVE-2021-44228 vulnerability and the level of its impact to Qumulo. It applies to clusters that run any version of Qumulo Core.

Level of Impact

Qumulo is not susceptible to this vulnerability and the Qumulo Linux subsystem does not contain any of the components or services that can trigger this Java Naming and Directory Interface (JNDI) exploit.

Vulnerability Details

This vulnerability allows remote attackers to submit a specially crafted request to vulnerable systems that run unpatched versions of Apache Log4j 2 and then instruct that system to download and execute a malicious payload.

Required Action

No action is required on your part to protect your Qumulo clusters from this vulnerability. However, if you currently deploy Apache Log4j 2 in your environment, we recommend validating your current running version against the latest available build. For more information, see Apache Log4j Security Vulnerabilities in the Apache Logging Services documentation.

Was this article helpful?
1 out of 1 found this helpful



Article is closed for comments.

Have more questions?
Open a Case
Share it, if you like it.