A critical vulnerability in Apache Log4j 2 impacting versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.14.1 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2021-44228.
IBM’s Cognos is included in Flexera Analytics, and is used as a reporting engine for FlexNet Manager Suite and FlexNet Manager for Engineering Applications. Cognos has been identified as potentially being affected by CVE-2021-44228.
See the following article for additional details about this known issue: Flexera Analytics (Cognos) mitigation for Apache Log4j 2 vulnerability CVE-2021-44228.
Fix status
This issue has been fixed in the following FlexNet Manager Suite release: 2021 R1.4 / Mar 2022 (Cloud)
Other information
Affected components: Analytics (Cognos), Security
Master issue ID: IOJ-2236946
Also known as: FNML-74906