CriticalCommvault Exploited CISA KEV Updated
Vulnerability in Apache Log4j Logging Libraries Impacting Commvault Products
CV_2021_12_1 Published Feb 1, 2022
CVE-2021-4104CVE-2021-44228CVE-2021-44832CVE-2021-45046CVE-2021-45105
Affected products & platforms
CommvaultUnclassified
Summary
Vulnerability in Apache Log4j Logging Libraries Impacting Commvault Products
CISA Known Exploited Vulnerability
- Listed:
- Dec 10, 2021 · federal remediation due Dec 24, 2021
- Required action:
- For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.
- Ransomware use:
- Known
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
Affected versions
- The vulnerability may affect the following Commvault products:Cloud Apps packageOracle agent - Database archiving, data masking, and logical dump backupMicrosoft SQL Server agent - Database archiving, data masking, and table level restoreCommvault File SystemHyperScale X Appliance and Reference Arch
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.