Apache Log4j 2 Remote Code Execution Vulnerability Analysis


WDC Tracking Number: WDC-21016
Product Line: Multiple Products and Services
Published: December 13, 2021

Last Updated:  December 16, 2021

Description

Western Digital is aware of a high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility that was disclosed publicly via the project’s GitHub on December 9, 2021.

We are actively assessing our supported products and services for potential impact of this vulnerability. As necessary, we will post updates to this bulletin.

The Western Digital software, firmware, and hardware on the following supported products are unaffected:

Products

  • EdgeRover
  • Western Digital My Cloud EX2 Ultra
  • Western Digital My Cloud EX4100
  • Western Digital My Cloud PR2100
  • Western Digital My Cloud PR4100
  • Western Digital My Cloud (P/N: WDBCTLxxxxxxx-10)
  • Western Digital My Cloud Mirror Gen 2
  • Western Digital My Cloud EX2100
  • Western Digital My Cloud DL2100
  • Western Digital My Cloud DL4100
  • Western Digital WD Cloud (Japan)
  • Western Digital My Cloud Home, My Cloud Home Duo
  • Western Digital My Passport Wireless Pro, My Passport Wireless SSD
  • WD Discovery
  • SanDisk Professional G-DRIVE ArmorLock
  • SanDisk Ixpand Wireless Charger
  • SanDisk ibi Smart Photo Manager

Advisory Summary

We continue to investigate our products and services and ask for patience from you, our customers, while we work through this issue.