cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

log4j on FlexNet Manager

Greetings, 

we have Flexnet Manager for Engineering applications installed on site.

Our security team spotted vulnerable log4j libraries on the following path: 

FlexNet/manager/admin/site/webapps/flexnet/WEB-INF/lib/log4j-1.2.17.jar

is there a fix for that? if so, what is the procedure to do so. 

(1) Reply
ChrisG
By Community Manager Community Manager
Community Manager

Please see the following page as the central place for information about the potential exposure status of Flexera products (including FlexNet Manager for Engineering Applications) to recently disclosed Apache log4j vulnerabilities: https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-vulnerabilities-CVE-2021-4104/ba-p/216934

The following information is currently shown there in relation to FlexNet Manager for Engineering Applications:

  • The Flexera Analytics (Cognos) component is potentially exposed to a range of log4j vulnerabilities. Mitigation guidance is available here: https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Flexera-Analytics-Cognos-Mitigation/ta-p/217655

  • Other components are not known to be potentially exposed to the primary critical CVE-2021-44228 vulnerability, but are potentially exposed to CVE-2021-4104. Guidance on any mitigation strategies that may be appropriate to be considered is currently pending. Please subscribe to the page above to receive updates as they become available.
(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)