QID 376362

Date Published: 2022-01-24

QID 376362: Salesforce Data Loader Log4j Remote Code Execution (RCE) Vulnerability

Data Loader is a tool to export, import, update, or delete data in Salesforce. Many users with correct permissions use this tool on a daily basis. Versions of Data Loader (53.0.1 and below) that were downloaded and installed by users before December 20, 2021, may be affected by the Apache Log4j vulnerabilities

This vulnerability is officially known as CVE 2021-44228, or informally it is known as Log4Shell or LogJam. Log4Shell is a Remote Code Execution (RCE) class vulnerability

Affected Versions:
Data Loader Versions 53.0.1 and below

QID detection logic(Authenticated):
This QID checks for vulnerable versions of Data Loader

NOTE: QID will detect Data Loader versions only work if the data loader process running.

This allows hackers to input arbitrary code into an application and hackers can put their own code by adding a single string to the log, which gives them full control over the server.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
    • Solution
    Users are advised to download latest version, For more info kindly refer to CVE 2021-44228

    Vendor References

    CVEs related to QID 376362

    CVE-2021-44228 |
    Software Advisories
    Advisory ID Software Component Link
    CVE 2021-44228 URL Logo salesforcetime.com/2021/12/31/salesforce-data-loader-log4j-vulnerability/
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].