====== Security Advisory on CVE-2021-44228 / CVE-2021-45046 / CVE-2021-45105 / CVE-2021-4104 (Log4j) for all ALE Business Divisions ======

===== Log4j CVEs =====

  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228|CVE-2021-44228]]
  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046|CVE-2021-45046]]
  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105|CVE-2021-45105]]
  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104|CVE-2021-4104]]

===== ALE Security Advisories =====
  * [[https://myportal.al-enterprise.com/a4F5I000000YQJmUAO|Direct link to Security Advisory for our ALE Business Partners (MyPortal)]]
  * [[https://al-enterprise.lightning.force.com/a4F5I000000YQJmUAO|Direct link to Security Advisory for our ALE employees]]
  * [[https://www.al-enterprise.com/en/support/security-advisories|ALE Security-Advisory PSIRT Landing Page]]
  * [[https://www.al-enterprise.com//en/search#t=all&sort=%40z95xupdated%20descending&f:language=[Language%2FEnglish]&f:content-type=[Content%20Type%2FTechnical%20Documentation%2FSecurity%20advisory]|Public ALE Security Advisory Page]] (Sorted by date, latest advisories first)  
  * Most recent Edition should always be available in this [[https://alcatel-lucent-enterprise.secure.force.com/knowledgebp/articles/Customer_Care_Article/000065673|ALE TKC article]] (requires MyPortal login credentials)
  * The ALE Network Business Division (NBD) published this overview [[https://alcatel-lucent-enterprise.secure.force.com/knowledgebp/articles/Customer_Care_Article/000065677|ALE TKC article]] (requires MyPortal login credentials)
  * The ALE Communication Business Division (CBD) published the following statement on **Log4j version CVE-2021-4104 and CVE-2021-45105** (not vulnerable to both) [[https://alcatel-lucent-enterprise.secure.force.com/knowledgebp/articles/Customer_Care_Article/000065861|ALE TKC article]] (requires MyPortal login credentials)
  * {{ ::sa-c0068-ed08-apache-log4j.pdf |}} :!: (**ed08** as of 22.12.2021 the latest edition) :!:

===== Hotfix for OpenTouch =====
  * [[https://alcatel-lucent-enterprise.secure.force.com/knowledgebp/articles/Customer_Care_Article/000065742|OpenTouch Solution: How to disable the vulnerability "Remote Code Execution vulnerability alert issued by Apache / (CVE-2021-44228)"]] (requires MyPortal login credentials)
    * [[https://alcatel-lucent-enterprise.secure.force.com/knowledgebp/articles/Customer_Care_Article/000065732|OpenTouch Solution: How to disable the vulnerability "Remote Code Execution vulnerability alert issued by Apache / (CVE-2021-44228)" (the actual hotfix/script)]] (requires MyPortal login credentials)
    * All OpenTouch with Suse Versions