CVE-2021-4104: Log4j vulnerability impact on FlexNet Embedded

CVE-2021-4104: Log4j vulnerability impact on FlexNet Embedded

Summary:

A vulnerability identified as CVE-2021-4104 has been reported in the Apache Log4j library. 

Description:

The Apache Log4j vulnerability referenced by the CVE identifier CVE-2021-4104 does not affect the License Server in its default behavior. This issue only affects if the license server logging is integrated with external systems using Log4J Socket Appender.

This integration is described in the License Server Producer Guide (Appendix E) and the License Server Administration Guide (Appendix D), under the section "Integration of License Server Logging With External Systems." 

NOTE: The license server is not configured to use this class as default, hence the license server is not affected by the vulnerability by default.

Resolution:

Refrain from using Log4J Socket Appender as an external logging mechanism.

Additional Information:

Labels (2)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Jan 11, 2022 12:19 PM
Updated by:
Contributors