KNOWLEDGE BASE

Security Vulnerability CVE-2021-44832


Published: 30 Dec 2021
Last Modified Date: 05 Jan 2022

Issue

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code.

Environment

Tableau Products

Resolution

Based on currently available information, we have determined that Tableau products are not affected by CVE-2021-44832 because Tableau does not use JDBC Appender.
Did this article resolve the issue?