INDEX: Log4j vulnerability impact on FlexNet Embedded

Yes

This article is an extension of the Log4j security advisory and serves to consolidate impact and mitigation details of related Log4j vulnerabilities with regards to FlexNet Embedded.

FlexNet Embedded Product Assessment:

Component	CVE	Potential Exposure	Fixed Version	Mitigation Resources
FlexNet Embedded License Server Manager	CVE-2021-44228	Yes (2020.10 or later)	2021.12.2	KB article
	CVE-2021-45046	Yes (2020.10 or later)	2021.12.2	KB article
	CVE-2021-45105	Yes (2020.10 or later)	2021.12.2	KB article
	CVE-2021-44832	No	N/A	N/A
	CVE-2021-4104	No	N/A	N/A
	CVE-2019-17571	No	N/A	N/A
	CVE-2022-23302	No	N/A	N/A
	CVE-2022-23305	No	N/A	N/A
	CVE-2022-23307	No	N/A	N/A
	CVE-2020-9493	No	N/A	N/A
	CVE-2020-9488	No	N/A	N/A
FlexNet Embedded License Server	CVE-2021-44228	No	N/A	N/A
	CVE-2021-45046	No	N/A	N/A
	CVE-2021-45105	No	N/A	N/A
	CVE-2021-4104	Yes	N/A	KB article
	CVE-2019-17571	No	N/A	KB article
	CVE-2022-23302	Yes	N/A	KB article
	CVE-2022-23305	Yes	N/A	KB article
	CVE-2022-23307	No	N/A	N/A
	CVE-2020-9493	No	N/A	N/A
	CVE-2020-9488	Yes	N/A	KB article
FlexNet Embedded SDK	CVE-2021-44228	No	N/A	N/A
	CVE-2021-45046	No	N/A	N/A
	CVE-2021-45105	No	N/A	N/A
	CVE-2021-4104	No	N/A	N/A
	CVE-2019-17571	No	N/A	N/A
	CVE-2022-23302	No	N/A	N/A
	CVE-2022-23305	No	N/A	N/A
	CVE-2022-23307	No	N/A	N/A
	CVE-2020-9493	No	N/A	N/A
	CVE-2020-9488	No	N/A	N/A

oallabauer · ‎Jan 26, 2022

Hi @cvirata is there any update on https://www.cvedetails.com/cve/CVE-2022-23307/ since there are components still containing log4j v1.2.17?

cvirata · ‎Feb 04, 2022

Hello @oallabauer - To help address Log4J vulnerability concerns, the plan is to migrate the FlexNet Embedded Local License Server from Log4J to Logback 1.2.9 as part of the FlexNet Embedded 2022.02 release.

INDEX: Log4j vulnerability impact on FlexNet Embedded

INDEX: Log4j vulnerability impact on FlexNet Embedded

FlexNet Embedded Product Assessment:

Defect Report

security