...
Note: Metabase includes Log4j and is vulnerable to CVE-2021-44228. As a first fix, we update to Metabase 0.40.7 (which includes Log4j 2.15.0 and protects against the remote code execution exploit). The more recently discovered CVE-2021-45046 requires Log4j 2.16.0, for which no Metabase release is available yet. If you are uncomfortable with CVE-2021-45046, you can update to the fix version for the original CVE and manually turn off Metabase in the affected products for now:
Overview and Status
Product | CVE-2021-44228 | Fix Status | Fix Release | CVE-2021-45046 | Fix Status (all CVEs) | Fix Release | How To Upgrade
---|---|---|---|---|---|---|---
ApplicationInsights | vulnerable - fix available | released - Dec 14 | 1.6.3 | vulnerable - fix available | released - Dec 14 | 1.6.3 | Upgrade ApplicationInsights (≥ v1.5.1)
ConnectionsExpert 2.x | vulnerable - fix available | released - Dec 15 | 2.1.3 | vulnerable - fix available | released - Dec 15 | 2.1.3 | Upgrade ConnectionsExpert (> v2.0)
ConnectionsExpert 3.x | vulnerable | in testing | 3.0.2 | vulnerable | in testing | 3.0.2 | Upgrade ConnectionsExpert (> v2.0)
GreenLight | vulnerable - fix available | released - Dec 15 | 4.5.0 | vulnerable - fix available | released - Dec 15 | | Upgrading GreenLight - only for >=3.5.x
 | | | | Metabase potentially vulnerable 1) | waiting for Metabase | 4.5.1 |
iDNA | vulnerable | in testing | 2.11.1 | vulnerable | in testing | 2.11.1 | please contact support
iDNA Applications | vulnerable - fix available | released - Dec 13 | 2.1.2 | vulnerable - fix available | released - Dec 13 | 2.1.2 | Upgrading iDNA Applications
 | | | | Metabase potentially vulnerable 1) | waiting for Metabase | 2.1.3 | Upgrading iDNA Applications
MarvelClient | safe | | | safe | | |
OfficeExpert | vulnerable - fix available | released - Dec 14 | 4.3.3 | vulnerable - fix available | released - Dec 14 | 4.3.3 | Upgrading OfficeExpert
 | | | | Metabase potentially vulnerable 1) | waiting for Metabase | 4.3.4 |
OfficeExpert EPM | safe | | | safe | | |
SecurityInsider / GroupExplorer | safe | | | safe | | |
SmartChanger | safe | | | safe | | |
Document Properties Plugin | safe | | | safe | | |
LogViewer Plugin | safe | | | safe | | |
Network Monitor Plugin | safe | | | safe | | |
PrefTree Plugin | safe | | | safe | | |
Tabzilla Plugin | safe | | | safe | | |
Timezone Helper Plugin | safe | | | safe | | |
...
1) See info box "Regarding Metabase" above the table
What happens now? What do I need to do?
...