Common Vulnerabilities and Exposures

Lists common vulnerabilities and exposures fixed in CFM 2.1.2.

On December 21, 2021 Cloudera released a hotfix for Cloudera Flow Management on Private Cloud Base. It addresses 2 CVEs and other vulnerability concerns as listed below. Cloudera urges all customers to upgrade their DataFlow services to the latest version.

• CVE-2021-44228 which affects Apache Log4j2 versions 2.0 through 2.14.1.

• CVE-2021-45046 which affects Apache Log4j2 version 2.15.0

• LOGBACK-1591 which affects logback versions <= 1.2.7