Frequently Asked Questions
The United States Cybersecurity and Infrastructure Security Agency issued guidance about a vulnerability in Apache’s Log4j software on Monday, December 13, 2021. Subsequently, a second vulnerability was announced due to an incomplete patch. Apache Log4j is java software widely used by many companies for logging purposes. It is often included or bundled with third-party software packages.
The security of both NetApp products and our customer’s safety is a top priority. In response to these vulnerabilities, NetApp has taken immediate action to proactively address any critical vulnerability affecting our products and solutions containing the Log4j software library.
Upon notification of the Log4j vulnerability report the NetApp Security Team initiated investigations in accordance with our incident response processes. NetApp followed the guidance issued to all Log4j customers in addition to following our internal processes for investigation, forensics analysis, and threat mitigation. NetApp will continue to remain vigilant regarding all aspects of this challenging and evolving situation.
At this time, there have been no compromises or successful exploits observed in NetApp products, solutions or in the NetApp environment. The majority of our products and solutions are not affected or have already been reviewed and patched. For the list of NetApp products that are in the process of being patched, please refer to the NetApp Product Security Advisory website: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. These pages will be updated on an ongoing basis to reflect most current status. We are also working closely with our third-party ecosystem to support them.
NetApp will continue to update this advisory as additional information becomes available and will provide answers to common questions below. This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding fully supported products and versions.
Frequently Asked Questions (Updated January 7, 2022)
For questions not covered in the FAQ or the NetApp Product Security Advisory website : CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 please contact NetApp Global Technical Support.
For media inquiries, please contact firstname.lastname@example.org.