Statement on Apache Log4j2 remote code execution Vulnerability

Original release date: December 16, 2021


Security Notice

For the recently disclosed Apache Log4j2 vulnerability (CVE-2021-44228), ZTE's affected products have provided solutions and actively carried out fixing work.

For the two Apache Log4j2 vulnerabilities (CVE-2021-45046, CVE-2021-45105) disclosed later, ZTE has completed the impact analysis, and the related solutions and fixing work are in progress.

The customer can contact ZTE's global customer support team for specific information.
ZTE PSIRT will update the progress in time. Please keep following this notice.


Update Records

December 16, 2021, initial release.

December 28, 2021, updated CVE-2021-44228 (in progress), and added CVE-2021-45046, CVE-2021-45105 descriptions.


Global Customer Support Center