We’ve received a directive to check the effect of the security vulnerabilities applications that are hosting on Lucee:
→ CVE-2021-45046: CVE - CVE-2021-45046
→ CVE-2021-44228: CVE - CVE-2021-44228
Is there any impact to the Lucee that we are currently using? if yes, please suggest the mitigation steps.
Are there any process to identify whether we have impacted?
OS: Ubuntu 18
Java Version: Java 11, inbuilt Lucee provided one.
Tomcat Version: Tomcat9
Lucee Version: 188.8.131.52
I have found the below log4j jar files in the lucee server: