This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher

CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher

Summary:

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

Problem Description:

Upon analysis for the CVE-2021-44832 in FlexNet Publisher, it does not use any JNDI data source

Resolution:

FNP solution around log4j is not vulnerable to vulnerability CVE-2021-44832

Labels (3)
Was this article helpful? Yes No
0 Kudos
No ratings
Comments
rsaroeun
‎Oct 16, 2024 11:06 AM
‎Oct 16, 2024 11:06 AM

Hi, 

Does this affect FNP running in Linux OS server. I'm on version 11.19.0.0.

mrathinam
Revenera Moderator Revenera Moderator
‎Oct 16, 2024 11:53 PM
‎Oct 16, 2024 11:53 PM

Hi @rsaroeun FNP solution around log4j is not vulnerable to vulnerability CVE-2021-44832 so any version of FNP is not affected with this Vulnerability.  However, my suggestion to use the latest version always. 

Best Regards,

Mani.

Version history
Last update:
‎Jan 04, 2022 12:04 AM
Updated by:
Revenera Moderator Revenera Moderator
Contributors