Join us for SoftSummit 2023. The 20th anniversary of the industry leading software monetization conference. April 18 and 20. Register Now

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ashish01
Level 5
‎Mar 15, 2023 03:17 AM

ACAS vulnerabilities hitting for Log4J

Hi Team,

 

One of our customer is getting ACAS vulnerabilities hitting for Log4J which is included in Flexlm license server setup version - lmadmin-x64_n6-11.18.3.1.

Path              : C:\Users\ashish\Downloads\lmadmin-x64_n6-11.18.3.1\examples\alerter\lib\log4j-core-2.17.0.jar

Included version : 2.17.0

Fixed version     : 2.17.1

Can this jar be simply replaced with the fixed jar version? Or is there any patch for this? Or can we delete  'examples' folder entirely?

 

Thanks

0 Kudos
2 Replies
jyadav
Revenera Moderator Revenera Moderator
Revenera Moderator
‎Mar 15, 2023 03:22 AM

Hi @ashish01  ,

Could you please provide the CVE number so that I can run a quick check internally and provide an update  .

0 Kudos
mrathinam
Revenera Moderator Revenera Moderator
Revenera Moderator
‎Mar 15, 2023 07:06 AM

Hi @ashish01, Yes, you can download the jar and replace it if required, more info @ https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2021-44228-amp-CVE-2021-45105-Log4j-Vulnerability-Impact-on/ta-p/217384

Best Regards,

0 Kudos