Vulnerability Information from NetApp Security Portal Summary CVE ID: CVE-2021-44832 Advisory ID: NTAP-20220104-0001 Version: 7.0 Last Updated: 01/31/2022 Status: Final Background Multiple NetApp products incorporate Apache Log4j, which is vulnerable to Remote Code Execution (RCE) under specific conditions. Affected Apache Log4j Versions Versions 2.0-beta7 through 2.17.0 (excluding 2.3.2 and 2.12.4). Exploitation Scenario Vulnerability triggers when configured to use a JDBC Appender with a JNDI LDAP data source URI, controlled by the attacker. Potential Impact Successful exploitation can result in: - Disclosure of sensitive information. - Addition or modification of data. - Denial of Service (DoS). Vulnerability Score CVSS Score: MEDIUM (6.6) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Further Details Public disclosures and exploitation details are acknowledged by NetApp. Ongoing monitoring and updates provided by NetApp.