Comprehensive data protection for all workloads
e.rottier
Influencer
Posts: 18
Liked: 1 time
Joined: May 06, 2021 1:45 pm
Contact:

Re: Log4shell - CVE-2021-21985

Post by e.rottier »

Ctek wrote: Dec 15, 2021 1:46 am If you upgrade the default v9.5-v11 2012 or 2014 SQL Express instance of Veeam to a 2019 SQL Express instance, with default settings, there you have it
Good find Ctek!

We've also raised this issue at Microsoft, someone also made a ticket for it.
https://docs.microsoft.com/en-us/answer ... cerns.html

Luckely (kind of...) this is an older version (1.2), which is NOT affected by this specific log4jshell exploit. It DOES however stem from 2010 or something, is NOT supported anymore and does also contain another CRITICAL with a 9.8 score... And that was in MS SQL for years! Talk about holes...

All software and libraries with a change date older that 2 years should be (re-)evaluated in my opinion. And I do mean every. single. file.

Post Reply

Who is online

Users browsing this forum: No registered users and 14 guests