- Revenera Community
- :
- FlexNet Publisher
- :
- FlexNet Publisher Knowledge Base
- :
- Vulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Vulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher
Vulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher
Summary:
A vulnerability identified as CVE-2021-44832 has been reported Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.
Problem Description:
Upon analysis, CVE-2021-44832 FNP does not use any JNDI data source
Resolution:
FNP is not vulnerable to log4j vulnerability. To avoid this security issue customers can also modify it on their own, this applies to all the FNP versions until 11.19.1.0
Workaround:
Download the latest version of log Log4j like 2.18 or later then replace the following file in this path C:\Program Files\FlexNet Publisher 64-bit License Server Manager\examples\alerter\lib
Reference: