Dec 29, 2021
02:42 AM
Hello are there any news about new vulnerability CVE-2021-44832? Apache has released new jar 2.17.1. In Flexnet operations there is at least one log entry using JDBC Appender in file C:\Program Files\FlexNet Operations\release\flexnet.ear\flexnet.war\WEB-INF\classes\flexnet-log4j.xml <DataSource jndiName="java:/jdbc/FLEXnetDataSource" /> But that datasource is using java protocol, which should be safe, it it so that FNO is not affected by CVE-2021-44832? Pauli
... View more
Dec 20, 2021
02:39 AM
@jefflaing @jholcomb Have you noticed that new version 2.17.0 has been released as 2.16.0 has a new vulnerability. https://logging.apache.org/log4j/2.x/security.html I have removed JndiLookup.class from all log4j-core files and it seems a good solution so far. But now I wonder if Flexnet Operations is vulnerable to new CVE-2021-45105. It seems that FNO is not using Context Lookup (like ${ctx:loginId}) in log4j configuration by default and so it should not be vulnerable, but I'm no log4j expert, perhaps Flexera knows better. Pauli
... View more
Dec 13, 2021
07:20 AM
1 Kudo
@jefflaing If you block outgoing connections, in the long term it could be great if FNO gets it license renewed from Flexera servers.
... View more
Latest posts by pauli_tuominen
Subject | Views | Posted |
---|---|---|
6243 | Dec 29, 2021 02:42 AM | |
8242 | Dec 20, 2021 02:39 AM | |
16548 | Dec 13, 2021 07:20 AM |
Activity Feed
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228) for mrathinam. Dec 29, 2021 05:39 AM
- Posted Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228) on Revenera Company News. Dec 29, 2021 02:42 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228) for jefflaing. Dec 21, 2021 02:09 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228) for jholcomb. Dec 21, 2021 02:08 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228) for jholcomb. Dec 21, 2021 02:08 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228) for jefflaing. Dec 20, 2021 04:01 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228) for jholcomb. Dec 20, 2021 04:00 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228) for jholcomb. Dec 20, 2021 03:59 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228) for jefflaing. Dec 20, 2021 03:59 AM
- Posted Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228) on Revenera Company News. Dec 20, 2021 02:39 AM
- Kudoed CVE-2021-44228 & CVE-2021-45105: Log4j vulnerability impact on FlexNet Publisher for mrathinam. Dec 15, 2021 05:31 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-44228) for pierre_olsson. Dec 15, 2021 05:07 AM
- Kudoed Re: Flexera’s response to Apache Log4j 2 remote code execution vulnerability CVE-2021-44228 for mkulvietis. Dec 14, 2021 05:56 AM
- Got a Kudo for Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-44228). Dec 13, 2021 03:34 PM
- Posted Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-44228) on Revenera Company News. Dec 13, 2021 07:20 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-44228) for virginial. Dec 13, 2021 04:02 AM
- Kudoed Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-44228) for uzihabaz. Dec 12, 2021 11:13 AM