NVIDIA and Hewlett Packard Enterprise (HPE) have confirmed that some of their products are affected by the recently disclosed vulnerabilities in the Apache Log4j logging utility.
A total of three vulnerabilities were identified in the utility – namely CVE-2021-44228 (aka Log4Shell), CVE-2021-45046 and CVE‑2021‑45105 – and at least two of them have been exploited in malicious attacks. Shortly after the issues became public, NVIDIA and HPE started investigating which of their products are affected, and both of them already released patches and mitigations to resolve the bugs or prevent potential exploitation attempts.
The company also notes that, while the DGX Systems do not include the Log4j Java library, users might have installed the vulnerable utility as additional software. Thus, NVIDIA decided to release fixes for multiple DGX OS releases as well.
Read More: securityweek
For more such updates follow us on Google News ITsecuritywire News