Join us for SoftSummit 2023. The 20th anniversary of the industry leading software monetization conference. April 18 and 20. Register Now

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CVE-2021-4104: Log4j vulnerability impact on FlexNet Embedded

CVE-2021-4104: Log4j vulnerability impact on FlexNet Embedded

Summary:

A vulnerability identified as CVE-2021-4104 has been reported in the Apache Log4j library. Related vulnerabilities have also been identified as CVE-2022-23302, CVE-2022-23305, and CVE-2020-9488. This article addresses all three vulnerabilities. 

Description:

The Apache Log4j vulnerability referenced by the CVE identifier CVE-2021-4104 does not affect the License Server in its default behavior. This issue only affects if the license server logging is integrated with external systems using Log4J Socket Appender. 

This integration is described in the License Server Producer Guide (Appendix E) and the License Server Administration Guide (Appendix D), under the section "Integration of License Server Logging With External Systems." 

NOTE: The license server is not configured to use this class as default, hence the license server is not affected by the vulnerabilities by default.

Similarly, CVE-2022-23302, CVE-2022-23305, and CVE-2020-9488 do not affect the License Server in its default configuration.

Resolution:

Refrain from using Log4J Socket Appender as an external logging mechanism.

Additional Information:

Labels (2)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Feb 11, 2022 04:08 PM
Updated by:
Contributors