VAST Response to CVE-2021-44228

Security Vulnerability Details
VAST Response

Security Vulnerability Details

This update is in response to the remote code execution vulnerabilities in the Log4j Java library, which is also known as Log4Shell.

https://www.cve.org/CVERecord?id=CVE-2021-44228

VAST Response

VAST Software

CVE-2021-44228 is not applicable to VAST Clusters. They are not exposed in anyway since no Java is used in our code base.

Supported Hardware

C-Box/D-Box

We have no risks from our C-Box & D-Box BMC interfaces.

Mellanox Switches

NVIDIA is aware of these vulnerabilities and is evaluating their potential impact and relevance to its products and services, although it is stated "All Networking products" are not impacted.

More information can be found and tracked here: https://nvidia.custhelp.com/app/answers/detail/a_id/5294

Additional Information

We have conducted further checks of our IT, Cloud systems and Uplink Portal (formally named CVMS) to confirm we are not exposed in these environments.

Articles in this section

Security Vulnerability Details

VAST Response

VAST Software

Supported Hardware

C-Box/D-Box

Mellanox Switches

Additional Information

Comments

Articles in this section

Security Vulnerability Details

VAST Response

VAST Software

Supported Hardware

C-Box/D-Box

Mellanox Switches

Additional Information

Related articles