Log4j vulnerability impact on FlexNet Connect
Several vulnerabilities have been reported in the Apache Log4j library. This article discusses the impact of the following vulnerabilities on FlexNet Connect:
The Log4j 2.x component is not used in FlexNet Connect Client or FlexNet Connect Back-Office 2017 R3, hence there is no impact from CVE-2021-45105, CVE-2021-45046, or CVE-2021-44228.
There is no impact from CVE-2021-4104 or CVE-2019-17571 on FlexNet Connect Client or FlexNet Connect Back-Office 2017 R3 since the source code does not use any of the following:
- SocketServer class
which are the cause of the Log4j 1.x vulnerabilities mentioned above.
No resolution required.
No workaround required.
- Apache Security Site for CVE severity, score, and vector string: https://logging.apache.org/log4j/2.x/security.html