Azure Cache for Redis Vulnerability

kow1120 101 Reputation points
2022-09-05T00:52:56.903+00:00

We are using the Azure Cache for Redis service.
The version of Azure Cache for Redis is 4.0.14.
We have just found a vulnerability in Redis and CVE-2021-32762 and CVE-2021-32626 are the most impactful.

So we would like to confirm the following two points
(1) Does version 4.0.14 of Azure Cache for Redis have any impact on this CVE-2021-32762 and CVE-2021-32626?

(2)If CVE-2021-32762 and CVE-2021-32626 are affected, are there any plans by Microsoft to apply a patch to fix them?

Azure Cache for Redis
Azure Cache for Redis
An Azure service that provides access to a secure, dedicated Redis cache, managed by Microsoft.
224 questions
{count} votes

Accepted answer
  1. GeethaThatipatri-MSFT 28,462 Reputation points Microsoft Employee
    2022-09-06T18:50:50.58+00:00

    Hi @kow1120 As per the product team Looking at the vulnerabilities, both are fixed in Redis 6, and Redis 4, however, we also recommend you migrate to Redis 6 regardless there is retirement for Redis 4 fairly soon.
    As I mentioned above none of the Azure Cache for Redis is impacted by this vulnerability.

    Please let me know if you are looking for any additional information.
    Regards
    Geetha

    Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer.


0 additional answers

Sort by: Most helpful