Reset Search



KB44933 - CVE-2021-44228 - Java logging library (log4j)

« Go Back


Last Modified Date1/28/2022 2:43 PM
Problem or Goal
A vulnerability has been reported today (10th of December, 2021) in Java logging library (log4j) in versions from 2.0.0 up to version 2.14.1.

***UPDATE DECEMBER 14TH 2021 - 11PM GMT***

On the 14th of December 2021, it was determined that the patch provided by the Apache Foundation for CVE-2021-44228 was not completely effective. CVE-2021-45046 was assigned to address the new denial of service vulnerability that affects log4j version 2.15. 

Ivanti has evaluated CVEs: CVE-2021-4104 and CVE-2021-45105 as well and has determined that there are no additional impacts to our Pulse products. 
More details can be found in the links below,

Please find the complete Ivanti Pulse Secure investigation summary below for reference:
Pulse Secure Virtual Traffic ManagerNot Affected
Pulse Secure Services DirectorNot Affected
Pulse Secure Web Application FirewallNot Affected
Pulse Connect SecureNot Affected
Ivanti Connect Secure (ICS)Not Affected
Pulse Policy SecureNot Affected
Pulse Desktop ClientNot Affected
Pulse Mobile ClientNot Affected
Pulse OneNot Affected
Pulse ZTANot Affected
Ivanti Neurons for ZTANot Affected
Ivanti Neurons for secure AccessNot Affected
Note: Log4j 2.x is not used in any of our products.
Related Links
Attachment 1 
Created ByRaghu Kumar



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255