1. Home
  2. Security
  3. Log4j CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 in Bright Cluster Manager

Log4j CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 in Bright Cluster Manager

The recent announcement and release of 0-day exploits for these issues makes this an important and highly visible topic. Based on a thorough review Bright Cluster Manager itself and the core integrations are unaffected by this bug.

We strongly suggest customers review the workloads and services they are running. If any of those workloads are based on java or tomcat please consult directly with those vendors to ensure they are not affected.

ProductVulnerable?
Bright Cluster ManagerNot Applicable
Hadooplog4j v1 – not vulnerable
Spark 2.4.1log4j v1 – not vulnerable
cm-elk-setuplog4j v1 – not vulnerable
pgi ( nvidia plugin )log4j jar does not contain vulnerable class
cuda ( visual tools )log4j jar does not contain vulnerable class

We will continue to review older and deprecated packages to confirm that none are affected by these vulnerabilities.

Updated on December 18, 2021

Was this article helpful?

Related Articles

Leave a Comment