cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

INDEX: Log4j vulnerability impact on FlexNet Embedded

INDEX: Log4j vulnerability impact on FlexNet Embedded

This article is an extension of the Log4j security advisory and serves to consolidate impact and mitigation details of related Log4j vulnerabilities with regards to FlexNet Embedded. 

FlexNet Embedded Product Assessment:

Component CVE Potential Exposure Fixed Version Mitigation Resources
FlexNet Embedded License Server Manager CVE-2021-44228 Yes (2020.10 or later) 2021.12.2 KB article
  CVE-2021-45046

Yes (2020.10 or later)

2021.12.2 KB article
  CVE-2021-45105 Yes (2020.10 or later) 2021.12.2 KB article
  CVE-2021-44832 No N/A N/A
  CVE-2021-4104 No N/A N/A
  CVE-2019-17571 No N/A N/A
  CVE-2022-23302 No N/A N/A
  CVE-2022-23305  No N/A N/A
  CVE-2022-23307  No N/A N/A
  CVE-2020-9493 No N/A N/A
  CVE-2020-9488 No N/A N/A
FlexNet Embedded License Server CVE-2021-44228 No N/A N/A
  CVE-2021-45046 No N/A N/A
  CVE-2021-45105 No N/A N/A
  CVE-2021-4104 Yes  N/A KB article
  CVE-2019-17571 No N/A KB article
  CVE-2022-23302  Yes  N/A KB article
  CVE-2022-23305  Yes  N/A KB article
  CVE-2022-23307 No N/A N/A
  CVE-2020-9493 No N/A N/A
  CVE-2020-9488 Yes  N/A KB article
FlexNet Embedded SDK CVE-2021-44228 No N/A N/A
  CVE-2021-45046

No

N/A N/A
  CVE-2021-45105 No N/A N/A
  CVE-2021-4104 No N/A N/A
  CVE-2019-17571 No N/A N/A
  CVE-2022-23302 No N/A N/A
  CVE-2022-23305 No N/A N/A
  CVE-2022-23307 No N/A N/A
  CVE-2020-9493 No N/A N/A
  CVE-2020-9488 No N/A N/A

 

Labels (2)
No ratings
Comments

Hi @cvirata is there any update on https://www.cvedetails.com/cve/CVE-2022-23307/ since there are components still containing log4j v1.2.17?

Hello @oallabauer - To help address Log4J vulnerability concerns, the plan is to migrate the FlexNet Embedded Local License Server from Log4J to Logback  1.2.9 as part of the FlexNet Embedded 2022.02 release.    

Version history
Last update:
‎Feb 11, 2022 04:08 PM
Updated by:
Contributors