Update: A critical vulnerability in Apache Log4j 2 impacting versions from 2.0-beta9 to 2.14.1 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2021-44228.
The article referenced below provides currently available information about the potential impact of this vulnerability on Revenera products. Be advised this is an ongoing assessment. Updates will be made to this advisory as further information becomes available.
As you may be aware, a vulnerability was discovered in the Log4j Java library, potentially allowing attackers to take control of systems and execute malicious commands. For more detailed information about the vulnerability, please see the following resources:
Revenera is actively working with our product teams to review Software Composition Analysis scans of our products to determine the impact, if any, on our solutions. We appreciate your patience and understanding, and we will provide an update once more information about affected products and remediation plans are confirmed. Please follow our Community thread for further updates on this topic: https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905