- Revenera Community
- :
- FlexNet Publisher
- :
- FlexNet Publisher Forum
- :
- ACAS vulnerabilities hitting for Log4J
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
ACAS vulnerabilities hitting for Log4J
Hi Team,
One of our customer is getting ACAS vulnerabilities hitting for Log4J which is included in Flexlm license server setup version - lmadmin-x64_n6-11.18.3.1.
Path : C:\Users\ashish\Downloads\lmadmin-x64_n6-11.18.3.1\examples\alerter\lib\log4j-core-2.17.0.jar
Included version : 2.17.0
Fixed version : 2.17.1
Can this jar be simply replaced with the fixed jar version? Or is there any patch for this? Or can we delete 'examples' folder entirely?
Thanks
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi @ashish01, Yes, you can download the jar and replace it if required, more info @ https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2021-44228-amp-CVE-2021-45105-Log4j-Vulnerability-Impact-on/ta-p/217384
Best Regards,
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
It's best to check with the software vendor for specific guidance. However, generally, updating the log4j-core jar to the fixed version or deleting the 'examples' folder (if not in use) should help mitigate the vulnerability. Always back up before making changes.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
You are right @alicesimth5765