Security Advisory: Log4j Java Vulnerability (CVE-2021-44228)
Incident Report for Revenera System Status Dashboard
Resolved
We believe we have addressed the concerns as they relate to CVE-2021-44228. For more information about this or related vulnerabilities, please visit the Security Advisory: https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-4104-CVE/ba-p/216905
Posted Jan 12, 2022 - 11:04 PST
Update
Update:
A critical vulnerability in Apache Log4j 2 impacting versions from 2.0-beta9 to 2.14.1 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2021-44228.

The article referenced below provides currently available information about the potential impact of this vulnerability on Revenera products. Be advised this is an ongoing assessment. Updates will be made to this advisory as further information becomes available.

Please visit our Community for more detailed Revenera product assessment information:
https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905
Posted Dec 13, 2021 - 17:06 PST
Investigating
As you may be aware, a vulnerability was discovered in the Log4j Java library, potentially allowing attackers to take control of systems and execute malicious commands. For more detailed information about the vulnerability, please see the following resources:

CVE Definition: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Expanded CVE Definition: https://www.cve.org/CVERecord?id=CVE-2021-44228
Apache Security Site for CVE severity, score, and vector string: https://logging.apache.org/log4j/2.x/security.html

Revenera is actively working with our product teams to review Software Composition Analysis scans of our products to determine the impact, if any, on our solutions. We appreciate your patience and understanding, and we will provide an update once more information about affected products and remediation plans are confirmed.
Please follow our Community thread for further updates on this topic: https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905
Posted Dec 13, 2021 - 11:11 PST