All Products
Search
Document Center

ApsaraDB for HBase:Notification of the impact of Apache Log4j2 vulnerabilities (CVE-2021-44228/CVE-2021-45046) on ApsaraDB for HBase

Last Updated:May 19, 2022

Alibaba Cloud recently discovered remote code execution (RCE) vulnerabilities in Apache Log4j2 and reported the vulnerabilities to Apache. The vulnerabilities do not affect ApsaraDB for HBase Standard Edition or Performance-enhanced Edition, but affect ApsaraDB for HBase Solr.

Vulnerability description

For more information, see . Alibaba Cloud statement on the impact assessment of Apache Log4j2 RCE vulnerability (CVE-2021-44228).

Impacts

  • ApsaraDB for HBase Standard Edition and Performance-enhanced Edition do not use Apache Log4j2 and are not affected by the vulnerabilities.

  • Big DataHub Service (BDS) does not use Apache Log4j2 and is not affected by the vulnerabilities.

  • ApsaraDB for HBase Solr, which is discontinued and being phased out, is affected by the vulnerabilities.

Solutions

If you activated ApsaraDB for HBase Solr, submit a ticket to fix the vulnerabilities.