This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

CVE-2021-44228 and Apigee Hybrid

Posted on 12-13-2021 06:15 AM
rhawley
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Currently (2021-Dec-13) I cannot find any information about the log4j vulnerability and Apigee Hybrid.

Google Cloud has posted info on the vulnerability, with a link to the Apigee Incident report, where it is listed as "Resolved":

 

Resolved
Apigee has conducted a detailed investigation and we believe that the Edge and OPDK products are not vulnerable to this exploit.
Posted 3 days ago. Dec 10, 2021 - 13:55 PST
 
Is Apigee Hybrid included in this assessment?  To my knowledge, Apigee Hybrid is not an "Edge" product (it is Apigee X), and Apigee Hybrid is not called as as an "OPDK" product.

Links:

Google Cloud: https://cloud.google.com/log4j2-security-advisory
Apigee Incident: https://status.apigee.com/incidents/3cgzb0q2r10p

0 1 347
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
Reply posted on --/--/---- --:-- AM

Apigee hybrid 1.5 and above does not use log4j and therefore is unaffected.

0 Likes