CVE-2021-44228 is a remote code execution (RCE) vulnerability in Apache Log4j2 discovered by Alibaba Cloud. This vulnerability has been reported to the Apache Software Foundation. According to the DBS development team, this Apache vulnerability affects the security of the DBS physical backup gateway. To solve this issue, the team has updated the backup gateway.
Vulnerability description
For more information, see Alibaba Cloud Statement on the Impact Assessment of Apache Log4j2 RCE Vulnerability (CVE-2021-44228).
Scope
DBS physical backup tasks.
How to fix or mitigate
If you use the original DBS backup gateway, you must update your DBS backup gateway to the latest version at the earliest opportunity and reconnect to the backup gateway for physical backup schedules.
- For more information about how to update the DBS physical backup gateway, see Add a backup gateway.
- For more information about how to connect to a backup gateway, see the Configure a backup source and Configure a backup object sections of Manage a backup plan.