Join us for SoftSummit 2023. The 20th anniversary of the industry leading software monetization conference. April 18 and 20. Register Now

Showing results for 
Show  only  | Search instead for 
Did you mean: 

CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher

CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher


Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

Problem Description:

Upon analysis for the CVE-2021-44832 in FlexNet Publisher, it does not use any JNDI data source


FNP solution around log4j is not vulnerable to vulnerability CVE-2021-44832

Labels (3)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Jan 04, 2022 12:04 AM
Updated by: