Apache Log4j 脆弱性問題に関する対応状況について
現在発生しておりますApache Log4j の脆弱性問題(CVE-2021-44228)の動向についてシーメンスは注視しており、Log4j を利用している製品への対処を行っております。
パッチ 及び 回避策については、明らかになり次第、最新の情報を提供をさせて頂きます。
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications)
was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems.
The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.
On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering
the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations.
Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.
Siemens is currently investigating to determine which products are affected and is continuously updating
this advisory as more information becomes available. See section Additional Information for more details