Security Notice - Statement About Apache log4j2 Vulnerabilities
1.Security Notice
Honor has noticed that since December 9, the Apache Software Foundation official website disclosed the Apache Log4j2 remote code execution vulnerability CVE-2021-44228, followed by the CVE-2021-45046 and CVE-2021-45105 vulnerabilities. These vulnerabilities can be remotely exploited
Honor has upgraded to Apache Log4j 2.17.0 to resolve these issues. We have also implemented firewall, WAF and other blocking strategies to reduce the impact of the vulnerabilities.
This notice is released based on Honor's current investigation results and is subject to changes. Honor SRC will update this notice as new information emerges, Please stay tuned.
2.Revision History
2021-12-24 V1.1 UPDATE added description about CVE-2021-45046/CVE-2021-45105
2021-12-10 V1.0 INITIAL
3.Honor Security Procedures
Honor adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy obtain Honor product vulnerability information, please visit https://www.honor.com/pk/security/
4.Reference
None