[Incident]: Some users report they are unable to access the case portal. Please see this community notice for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Vulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher

Vulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher

Summary:

A vulnerability identified as CVE-2021-44832 has been reported Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.

Problem Description:

Upon analysis, CVE-2021-44832  FNP does not use any JNDI data source

Resolution:

FNP is not vulnerable to log4j vulnerability. To avoid this security issue customers can also modify it on their own, this applies to all the FNP versions until 11.19.1.0

Workaround:

Download the latest version of log Log4j like 2.18 or later then replace the following file in this path C:\Program Files\FlexNet Publisher 64-bit License Server Manager\examples\alerter\lib 

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2021-44832

Was this article helpful? Yes No
100% helpful (1/1)
Version history
Last update:
‎Jul 20, 2022 11:55 PM
Updated by:
Contributors