This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- FlexNet Connect
- :
- FlexNet Connect Knowledge Base
- :
- Log4j vulnerability impact on FlexNet Connect
Subscribe
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
Log4j vulnerability impact on FlexNet Connect
Log4j vulnerability impact on FlexNet Connect
Summary:
Several vulnerabilities have been reported in the Apache Log4j library. This article discusses the impact of the following vulnerabilities on FlexNet Connect:
Log4j 2.x:
- CVE-2021-45105
- CVE-2021-45046
- CVE-2021-44228
Log4j 1.x:
- CVE-2021-4104
- CVE-2019-17571
Description:
The Log4j 2.x component is not used in FlexNet Connect Client or FlexNet Connect Back-Office 2017 R3, hence there is no impact from CVE-2021-45105, CVE-2021-45046, or CVE-2021-44228.
There is no impact from CVE-2021-4104 or CVE-2019-17571 on FlexNet Connect Client or FlexNet Connect Back-Office 2017 R3 since the source code does not use any of the following:
- SocketAppender
- SocketServer class
- SMTPAppender
- JMSAppender
which are the cause of the Log4j 1.x vulnerabilities mentioned above.
Resolution:
No resolution required.
Workaround:
No workaround required.
Additional Information:
- Apache Security Site for CVE severity, score, and vector string: https://logging.apache.org/log4j/2.x/security.html
No ratings