
Security Advisory: Assessment of Revenera’s products' exposure to Apache Commons Text RCE Vulnerability CVE-2022-42889

cvirata
Revenera Community Admin

Summary

A critical vulnerability in Apache Commons Text, impacting versions 1.5 through 1.9 and potentially allowing remote code execution, has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2022-42889 and is also commonly referred to as “Text4Shell”.

This article provides currently available information about the potential impact of the vulnerability on Revenera products.

NOTE: This is an ongoing assessment. Updates will be made to this advisory as further information becomes available.

As the maintainer of Apache Commons Text mentioned in its announcement, although the vulnerability allows remote code execution, it requires the use of an insecure configuration of Apache Commons Text. Such configurations are not expected to be common, but Revenera is nevertheless committed to assessing its products for any potential exposure.
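To check a deployment against the version range given in this advisory, the following added example (not Revenera's or Apache's code) scans a JAR/WAR/EAR, including nested archives, for copies of Apache Commons Text and flags versions 1.5 through 1.9. It assumes Maven-built jars that carry a `pom.properties` entry, with the jar file name as a fallback; the function names and the sample archive are constructed for illustration.

```python
import io, re, zipfile

# Affected range (1.5 through 1.9) and fix (1.10.0) are taken from the advisory.
FIRST_AFFECTED, LAST_AFFECTED = (1, 5), (1, 9)
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
JAR_NAME = re.compile(r"(?:^|/)commons-text-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")

def is_affected(version):
    """True when major.minor lies in 1.5..1.9, compared numerically (1.10 > 1.9)."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:2]]
    return FIRST_AFFECTED <= tuple(nums + [0] * (2 - len(nums))) <= LAST_AFFECTED

def scan_archive(data, label):
    """Return [(location, version, affected)] for each copy, nested archives included."""
    findings, own = [], None
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:  # survives renaming and fat-jar merging
                m = re.search(rb"^version=(\S+)", zf.read(name), re.M)
                own = m.group(1).decode("ascii", "replace") if m else None
            elif name.lower().endswith(ARCHIVES):
                findings += scan_archive(zf.read(name), f"{label}!/{name}")
    if own is None:  # no metadata: fall back to the jar's file name
        m = JAR_NAME.search(label)
        own = m.group(1) if m else None
    if own is not None:
        findings.append((label, own, is_affected(own)))
    return findings

def build_sample_war():
    """Constructed sample: a WAR bundling one affected and one fixed copy."""
    def jar(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for entry, body in entries.items():
                z.writestr(entry, body)
        return buf.getvalue()
    old = jar({POM_PROPS: "artifactId=commons-text\nversion=1.9\n"})
    new = jar({"org/apache/commons/text/placeholder.txt": ""})  # no metadata
    return jar({"lib/text-renamed.jar": old, "lib/commons-text-1.10.0.jar": new})

if __name__ == "__main__":
    for loc, ver, bad in scan_archive(build_sample_war(), "sample.war"):
        print(f"{'AFFECTED' if bad else 'ok':8} {ver:8} {loc}")
```

A hit only shows that an affected version is present; as noted above, exposure also depends on the library being used in an insecure configuration.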

Revenera Product Assessment

| Category | Product | Potential Exposure to CVE-2022-42889 | Potentially Exposed Components or Versions | Fixed Version | Mitigation |
|---|---|---|---|---|---|
| Installation | InstallAnywhere | No, impacted module not used. | None | N/A | N/A |
| Installation | InstallShield | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Composition Analysis | Code Aware | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Composition Analysis | Code Insight | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Composition Analysis | SBOM Insights | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Monetization | Cloud Licensing (CLS) | No, impacted module not used. | None | 2022.12 | Upgrading to Apache Commons Text 1.10.0 |
| Software Monetization | Compliance Intelligence (RCI) | No, impacted module not used. | None | [Remediated] Compliance Intelligence Gateway 6.4.1.25003 | Upgraded to Apache Commons Text 1.10.0 |
| Software Monetization | FlexNet Connect | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Monetization | FlexNet Embedded - License Server Manager (FLSM) | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Monetization | FlexNet Embedded - Local License Server (LLS) | No, impacted module not used. | None | 2022.12 | Upgrading to Apache Commons Text 1.10.0 |
| Software Monetization | FlexNet Embedded SDK | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Monetization | FlexNet Operations - ALM | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Monetization | FlexNet Operations - LLM | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Monetization | FlexNet Operations On-Premise | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Monetization | FlexNet Publisher | No, Apache Commons Text not used. | None | N/A | N/A |
| Software Monetization | Usage Intelligence (RUI) | No, Apache Commons Text not used. | None | N/A | N/A |

 

The information on this page reflects:

  • The assessed status of Revenera’s SaaS systems.
  • The assessed status of all versions of Revenera’s products that are still supported (that is, they have not yet reached their End of Life). Product lifecycle dates can be found at https://docs.revenera.com/eol/default.htm.

Related Information

Change Log

2022-10-24 13:25 CDT: Initial notice posted

2022-10-25 09:25 CDT: Updated assessment for FlexNet Embedded - License Server Manager (FLSM) and Fixed Version information for FlexNet Embedded Local License Server (LLS) and Cloud Licensing Service (CLS).

2022-10-26 10:00 CDT: Updated assessment for FlexNet Embedded - SDK.

2022-10-28 12:35 CDT: Updated assessment for FlexNet Operations Cloud ALM and FlexNet Operations On-Premise.

2022-11-01 15:45 CDT: Updated assessment for FlexNet Operations Cloud LLM.