log4j on FlexNet Manager
we have Flexnet Manager for Engineering applications installed on site.
Our security team spotted vulnerable log4j libraries on the following path:
is there a fix for that? if so, what is the procedure to do so.
Please see the following page as the central place for information about the potential exposure status of Flexera products (including FlexNet Manager for Engineering Applications) to recently disclosed Apache log4j vulnerabilities: https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-vulnerabilities-CVE-2021-4104/ba-p/216934
The following information is currently shown there in relation to FlexNet Manager for Engineering Applications:
- The Flexera Analytics (Cognos) component is potentially exposed to a range of log4j vulnerabilities. Mitigation guidance is available here: https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Flexera-Analytics-Cognos-Mitigation/ta-p/217655
- Other components are not known to be potentially exposed to the primary critical CVE-2021-44228 vulnerability, but are potentially exposed to CVE-2021-4104. Guidance on any mitigation strategies that may be appropriate to be considered is currently pending. Please subscribe to the page above to receive updates as they become available.