log4j on FlexNet Manager

abduljalil_nas · ‎Jan 05, 2022

Greetings,

we have Flexnet Manager for Engineering applications installed on site.

Our security team spotted vulnerable log4j libraries on the following path:

FlexNet/manager/admin/site/webapps/flexnet/WEB-INF/lib/log4j-1.2.17.jar

is there a fix for that? if so, what is the procedure to do so.

ChrisG · ‎Jan 05, 2022

Please see the following page as the central place for information about the potential exposure status of Flexera products (including FlexNet Manager for Engineering Applications) to recently disclosed Apache log4j vulnerabilities: https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-vulnerabilities-CVE-2021-4104/ba-p/216934

The following information is currently shown there in relation to FlexNet Manager for Engineering Applications:

The Flexera Analytics (Cognos) component is potentially exposed to a range of log4j vulnerabilities. Mitigation guidance is available here: https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Flexera-Analytics-Cognos-Mitigation/ta-p/217655
Other components are not known to be potentially exposed to the primary critical CVE-2021-44228 vulnerability, but are potentially exposed to CVE-2021-4104. Guidance on any mitigation strategies that may be appropriate to be considered is currently pending. Please subscribe to the page above to receive updates as they become available.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)