Parallels Statement on Apache CVE-2021-44228

27 users found this article helpful

Applies to:
- Parallels Transporter
- Parallels Toolbox Business Edition
- Parallels Toolbox
- Parallels Remote Application Server
- Parallels Device Management
- Parallels Desktop for Mac Standard Edition
- Parallels Desktop for Mac Pro Edition
- Parallels Desktop for Mac Business Edition
- Parallels Desktop for Mac App Store Edition
- Parallels Desktop for Chrome OS Enterprise and Education Edition
Last Review: Apr 30, 2024
Available Translations:
Get updates Download

Parallels is aware of the security vulnerability CVE-2021-44228 affecting Apache Log4j2 which, if exploited, allows an attacker who is able to control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Security vulnerability description: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Please be advised that Parallels products are not affected by CVE-2021-44228 (Log4Shell) since it doesn't use the Log4j library.

Parallels did investigate the potential impact on Parallels products. Please find the present status of every product below:

Product	Status
Parallels RAS	Not affected
Parallels Desktop	Not affected
Parallels Toolbox	Not affected (all platforms)
Parallels Device Management	Not affected
Parallels Client	Not affected (all platforms)
Parallels Transporter	Not affected (all platforms)

Was this article helpful?

Tell us how we can improve it.