Security Notice - Statement About Apache log4j2 Vulnerabilities

1. Security Notice


Honor has noticed that, since December 9, the Apache Software Foundation's official website has disclosed the Apache Log4j2 remote code execution vulnerability CVE-2021-44228, followed by the CVE-2021-45046 and CVE-2021-45105 vulnerabilities. These vulnerabilities can be remotely exploited.

Honor has upgraded to Apache Log4j 2.17.0 to resolve these issues. We have also implemented firewall, WAF and other blocking strategies to reduce the impact of the vulnerabilities.

This notice is released based on Honor's current investigation results and is subject to change. Honor SRC will update this notice as new information emerges. Please stay tuned.



2. Revision History


2021-12-24 V1.1 UPDATE added description about CVE-2021-45046/CVE-2021-45105

2021-12-10 V1.0 INITIAL



3. Honor Security Procedures


Honor adheres to protecting the ultimate interests of users with best efforts and to the principle of responsible disclosure, and deals with product security issues through our response mechanism.

To obtain Honor product vulnerability information, please visit https://www.honor.com/ie/security/



4. Reference


None