Log4j vulnerability impact on FlexNet Connect

Log4j vulnerability impact on FlexNet Connect

Summary:

Several vulnerabilities have been reported in the Apache Log4j library. This article discusses the impact of the following vulnerabilities on FlexNet Connect:

Log4j 2.x:

  • CVE-2021-45105
  • CVE-2021-45046
  • CVE-2021-44228

Log4j 1.x:

  • CVE-2021-4104
  • CVE-2019-17571

Description:

The Log4j 2.x component is not used in FlexNet Connect Client or FlexNet Connect Back-Office 2017 R3, hence there is no impact from CVE-2021-45105, CVE-2021-45046, or CVE-2021-44228.    

There is no impact from CVE-2021-4104 or CVE-2019-17571 on FlexNet Connect Client or FlexNet Connect Back-Office 2017 R3 since the source code does not use any of the following:

  • SocketAppender
  • SocketServer class
  • SMTPAppender
  • JMSAppender

which are the cause of the Log4j 1.x vulnerabilities mentioned above.  

Resolution:

No resolution required.

Workaround:

No workaround required.

Additional Information:

 
 
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Dec 28, 2021 01:14 PM
Updated by:
Contributors