Apache Log4j Vulnerability: CVE-2021-44228 and CVE-2021-45046


Update 6: Video demonstrating how to apply NetBackup 9.1.0.1 EEB

Last updated: Dec 22nd 2021, 12:00 PM PST

Updating NetBackup to mitigate the log4j exploit

Update 5: CVE-2021-44228 Apache Log4j Vulnerability

Last updated: Dec 20th 2021, 15:00 PM PST

Apache Log4j Vulnerability (Both CVE-2021-44228 and CVE-2021-45046) updates are being provided on a product specific basis at the following locations:

Update 4: CVE-2021-44228 Apache Log4j Vulnerability

Last updated: Dec 13th 2021, 14:30 PM PST

Within the past few days a vulnerability (CVE-2021-44228 Apache Log4j Vulnerability) has been reported that affects a wide variety of systems and software products. This vulnerability does affect some Veritas products. Veritas acknowledges this is an urgent issue, and we are working aggressively to help keep our customers secure. Veritas Engineering is actively assessing all Veritas products to determine if this vulnerability affects the product and will publish support articles with temporary mitigation guidance for products that are impacted. Veritas will also continue to work to quickly provide a patch to permanently address the issue.

Please see the Technical Article below for updates related to CVE-2021-44228 Apache Log4j Vulnerability:
Impact of CVE-2021-44228 Apache Log4j Vulnerability for Veritas Products

Update 3: CVE-2021-44228 Apache Log4j Vulnerability

Last updated: Dec 13th 2021, 12:00 PM PST

Within the past few days a vulnerability (CVE-2021-44228 Apache Log4j Vulnerability) has been reported that affects a wide variety of systems and software products. This vulnerability does affect some Veritas products. Veritas acknowledges this is an urgent issue, and we are working aggressively to help keep our customers secure. Veritas Engineering is actively assessing all Veritas products to determine if this vulnerability affects the product and will publish support articles with temporary mitigation guidance for products that are impacted. Veritas will also continue to work to quickly provide a patch to permanently address the issue.

For information specific to mitigation with NetBackup, please see Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup
For information specific to mitigation with InfoScale, please see Impact of CVE-2021-44228 Appache Log4j Vulnerability on InfoScale
For information specific to mitigation with Enterprise Vault, please see Impact of CVE-2021-44228 Apache Log4j Vulnerability on Enterprise Vault
For information specific to mitigation with eDiscovery Platform, please see Impact of CVE-2021-44228 Apache Log4j Vulnerability on eDiscovery Platform

Update 2: CVE-2021-44228 Apache Log4j Vulnerability

Last updated: Dec 13th 2021, 10:30 AM PST

Within the past few days a vulnerability (CVE-2021-44228 Apache Log4j Vulnerability) has been reported that affects a wide variety of systems and software products. This vulnerability does affect some Veritas products. Veritas acknowledges this is an urgent issue, and we are working aggressively to help keep our customers secure. Veritas Engineering is actively assessing all Veritas products to determine if this vulnerability affects the product and will publish support articles with temporary mitigation guidance for products that are impacted. Veritas will also continue to work to quickly provide a patch to permanently address the issue.

For information specific to mitigation with NetBackup, please see Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup
For information specific to mitigation with InfoScale, please see Impact of CVE-2021-44228 Appache Log4j Vulnerability on InfoScale

Update 1: CVE-2021-44228 Apache Log4j Vulnerability

Last updated: Dec 13th 2021, 9:00 AM PST

Within the past few days a vulnerability (CVE-2021-44228 Apache Log4j Vulnerability) has been reported that affects a wide variety of systems and software products. This vulnerability does affect some Veritas products. Veritas acknowledges this is an urgent issue, and we are working aggressively to help keep our customers secure. Veritas Engineering is actively assessing all Veritas products to determine if this vulnerability affects the product and will publish support articles with temporary mitigation guidance for products that are impacted. Veritas will also continue to work to quickly provide a patch to permanently address the issue.

For information specific to mitigation with NetBackup, please see Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup