[Incident]: Some users report they are unable to access the case portal. Please see this community notice for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

INDEX: Log4j vulnerability impact on FlexNet Operations

INDEX: Log4j vulnerability impact on FlexNet Operations

This article is an extension of the Log4j security advisory and serves to consolidate impact and mitigation details of related Log4j vulnerabilities with regards to FlexNet Publisher.

FlexNet Product Assessment by Component:

FlexNet Operations ALM

Component Current Log4J Version Fixed Version
ALM (core module) 2.17.0

[Resolved]

2022.03: Upgrade to 2.17.2

LFS 2.17.1

[Resolved]

2022.02: Upgraded to 2.17.1

CLS N/A

[Resolved]

2022.02: Migrated from Log4J to Logback 1.2.9

UAS 1.x

[Resolved]

2022.03: Upgrade to 2.17.2

ESD 1.x 2022.04: Upgrade to 2.17.2
NS 2.16.0

[Resolved]

2022.03: Upgrade to 2.17.2

Reporter SSO* 1.x 2022.04: Upgrade to 2.17.1
*Reporter SSO is internally used by the FlexNet Operations system, no expected customer impact.

 

FlexNet Operations LLM

Component Current Log4J Version Fixed Version
LLM (core module) N/A N/A
LFS 2.17.1

[Resolved]

2022.02: Upgraded to 2.17.1

CLS N/A

[Resolved]

2022.02: Migrated from Log4J to Logback 1.2.9

UAS 1.x

[Resolved]

2022.03: Upgrade to 2.17.2

ESD 1.x 2022.04: Upgrade to 2.17.2
Reporter SSO* 1.x 2022.04: Upgrade to 2.17.1
*Reporter SSO is internally used by the FlexNet Operations system, no expected customer impact.

 

FlexNet Operations Product Assessment by CVE:

Product CVE Potential Exposure Fixed Version Mitigation Resources
FlexNet Operations ALM CVE-2021-44228 Yes 2022.01

Upgraded to Log4j 2.17.0

  • Core module
  • Updates and Insights
  CVE-2021-45046 Yes 2022.03

To be upgraded to Log4j 2.17.1

  • Core module
  • Updates and Insights
  CVE-2021-45105 Yes 2022.03

To be upgraded to Log4j 2.17.1

  • Core module
  • Updates and Insights
  CVE-2021-44832 Yes 2022.01

Upgraded to Log4j 2.17.0

  • Core module
  • Updates and Insights

To be upgraded to Log4j 2.17.1 (2022.03)

  CVE-2021-4104 Yes 2022.03

To be upgraded to Log4j 2.17.1

  • LFS
  • UAS
  • CLS
  CVE-2019-17571 Yes 2022.03

To be upgraded to Log4j 2.17.1

  • LFS
  • UAS
  • CLS
FlexNet Operations LLM CVE-2021-44228 No N/A N/A
  CVE-2021-45046 No N/A N/A
  CVE-2021-45105 No N/A N/A
  CVE-2021-44832 No N/A N/A
  CVE-2021-4104 Yes 2022.03 To be upgraded to 2.17.1
  CVE-2019-17571 No N/A N/A
FlexNet Operations On-Premises CVE-2021-44228 Yes 2021 R1 Hotfix KB Article
  CVE-2021-45046 Yes 2021 R1 Hotfix KB Article
  CVE-2021-45105 Yes 2021 R1 Hotfix KB Article
  CVE-2021-44832 Yes Pending

To be upgraded to Log4j 2.17.1

  • Core module
  • Updates and Insights
  CVE-2021-4104 Yes Pending

To be upgraded to Log4j 2.17.1

  • LFS
  • UAS
  • CLS
  CVE-2019-17571 Yes Pending

To be upgraded to Log4j 2.17.1

  • LFS
  • UAS
  • CLS

 

Labels (2)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Mar 17, 2022 10:24 AM
Updated by:
Contributors