Graylog (Multiple Products)

Vendor Data

Vendor Patch Exists

Community Data

Community Resources

Resource	Link
source	https://www.graylog.org/post/graylog-update-for-log4j

Source	Note
NCSC-NL	CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL	“The vulnerable Log4j library is used to record GrayLog’s own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. Graylog <a href=““https://github.com/Graylog2/graylog2-server/compare/4.2.3...4.2.4"">version 4.2.4 fixes <a href=““https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/"" rel=““nofollow”">another vulnerability”

Source

Note

CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix

“The vulnerable Log4j library is used to record GrayLog’s own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. Graylog <a href=““https://github.com/Graylog2/graylog2-server/compare/4.2.3...4.2.4"">version 4.2.4 fixes <a href=““https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/"" rel=““nofollow”">another vulnerability”

Date	Attribution	Description
2022-01-03 12:08:44	NCSC-NL	Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.