- Revenera Community
- :
- FlexNet Publisher
- :
- FlexNet Publisher Forum
- :
- Re: Lmtools License Manager
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Lmtools License Manager
Can you please confirm if Lmtools license Manager application (FlexNet) is affected by Log4j vulnerability?. If yes, please share the remediation & Mitigation steps.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi @lathag Lmtools is not affected by Log4j vulnerability. Adding to that FNP is not vulnerable to log4j vulnerability however optional part of alerter module under examples with the (FlexNet Publisher 64-bit License Server Manager) lmadmin was affected, you can find remediation & Mitigation steps here
Best Regards,
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi Rathinam,
Thank you for your reply. We have Version v.11.12.1.4 build 154914 x64_n6 LMTOOLS by Flexera Software. As per the Mitigation steps, in the library file, we are finding
activation.jar, alerter.jar, axis.jar, axis-ant.jar, commons-discovery-0.2.jar, commons-logging-1.0.4.jar, jarxpc.jar, log4j-1.2.8.jar, mail.jar, saaj.jar, wsdlj4j-1.5.1.jar.
Can you please guide us in place of log4j-1.2.8.jar what should we replace.
Thank you.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi @lathag I think Log4j 1.x is not impacted by this vulnerability so you can keep using the same jar.
However still if you want to replace it with latest version then
You can download the latest jar here https://logging.apache.org/log4j/2.x/download.html and replace only
From
log4j-1.2.8.jar
Replace to
log4j-1.2-api-2.17.1.jar
log4j-api-2.17.1.jar
log4j-core-2.17.1.jar
Best Regards,