This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Vulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher

Vulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher

Summary:

A vulnerability identified as CVE-2021-44832 has been reported Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.

Problem Description:

Upon analysis, CVE-2021-44832  FNP does not use any JNDI data source

Resolution:

FNP is not vulnerable to log4j vulnerability. To avoid this security issue customers can also modify it on their own, this applies to all the FNP versions until 11.19.1.0

Workaround:

Download the latest version of log Log4j like 2.18 or later then replace the following file in this path C:\Program Files\FlexNet Publisher 64-bit License Server Manager\examples\alerter\lib 

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2021-44832

Was this article helpful? Yes No
100% helpful (1/1)
Version history
Last update:
‎Jul 20, 2022 11:55 PM
Updated by:
Revenera Moderator Revenera Moderator
Contributors