- Community Home
- >
- Software
- >
- HPE OneView
- >
- Re: Is OneView vulnerable to the Apache Software L...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-13-2021 01:45 PM - last edited on тАО12-13-2021 08:47 PM by support_s
тАО12-13-2021 01:45 PM - last edited on тАО12-13-2021 08:47 PM by support_s
As title says, I'm looking to determine if the OneView or OneView Global Dashboard appliances (And iLO interfaces for that matter) are vulnerable to the Log4j vulnerability.
I chatted with HPE support, but was not confident in their answer. They directed me to this webpage (https://www.hpe.com/us/en/services/security-vulnerability.html) and said OneVeiw is not listed, so that means its not vulnerable. However, no products are listed on that page, so I was looking for a little more positive confirmation that OneVeiw is not vulnerable. Anyone know for certian?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-13-2021 02:45 PM
тАО12-13-2021 02:45 PM
SolutionSystem recommended content:
1. Notice: Apache Software Log4j - Security Vulnerability CVE-2021-44228
2. Is NonStop system vulnerable to CVE-2021-44228?
If the above information is helpful, then please click on "Thumbs Up/Kudo" icon.
Thank you for being a HPE community member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-13-2021 02:54 PM - edited тАО12-13-2021 02:55 PM
тАО12-13-2021 02:54 PM - edited тАО12-13-2021 02:55 PM
Re: Is OneView vulnerable to the Apache Software Log4j Vulnerability (CVE-2021-44228)?
iLO does not use log4j at all, in any firmware version for any generation of ASIC.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-14-2021 08:05 AM
тАО12-14-2021 08:05 AM
Re: Is OneView vulnerable to the Apache Software Log4j Vulnerability (CVE-2021-44228)?
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-14-2021 08:06 AM
тАО12-14-2021 08:06 AM
Re: Query: Is OneView vulnerable to the Apache Software Log4j Vulnerability (CVE-2021-4422
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2021 01:17 AM
тАО12-15-2021 01:17 AM
Re: Is OneView vulnerable to the Apache Software Log4j Vulnerability (CVE-2021-44228)?
Just a quick question, you said iLO doesn't use Log4j, But i was under the impression that HPE are currently making a new iLO version to fix this, am I wrong?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2021 08:10 AM
тАО12-15-2021 08:10 AM
Re: Is OneView vulnerable to the Apache Software Log4j Vulnerability (CVE-2021-44228)?
Just a quick question, you said iLO doesn't use Log4j, But i was under the impression that HPE are currently making a new iLO version to fix this, am I wrong?
I'm not sure where you recieved that information from, but iLO is not impacted by CVE-2021-44228. We document major vulnerabilities here. The specific details to CVE-2021-44228 here. You will see that iLO4 and iLO5 are in the not vulnerable list, here. We are looking to amend the list to include all versions of iLO.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
