Loading
search-img
Title
CVE-2019-17571: Log4j vulnerability impact on FlexNet Embedded

Summary:

A vulnerability identified as CVE-2019-17571 has been reported in the Apache Log4j library. This article discusses the impact of this vulnerability on the FlexNet Embedded Local License Server.

Description:

The Apache Log4j vulnerability referenced by the CVE identifier CVE-2019-17571 does not affect the License Server.

In essence, the vulnerability referenced by CVE-2019-17571 requires that a Apache Log4j server is configured to receive log events via TCP/UDP through the use of the SocketServer class [1]. If malicious log events can be received by such a SocketServer and if the SocketServer is connected to deserialization means, then the potential for arbitrary code execution exist through deserialization of the malicious log events. The root cause of the issue is the use of the "configureHierarchy" and "genericHierarchy" methods within the SocketServer class [2].

The License Server does not utilize any SocketServer in its default configuration. Furthermore, the License Server is not intended nor designed to use the SocketServer and thus doesn't provide any means to configure and integrate a SocketServer including deserialization means through the existing License Server configuration. To note, the maintainer of Apache Log4j is also recommending against the use of serialization respective deserialization within the remote logging context as part of security best practices [3] as serialization / deserialization is an inherently insecure feature of the Java ecosystem.

Therefore, the License Server does not utilize nor expose the vulnerable SocketServer class and is considered unaffected by CVE-2019-17571.

Resolution:

No resolution required.

Workaround:

No workaround required.

References:

[1] https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/net/SocketServer.html
[2] https://logging.apache.org/log4j/1.2/xref/org/apache/log4j/net/SocketServer.html
[3] https://issues.apache.org/jira/browse/LOG4J2-1863?focusedCommentId=16217905&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16217905

Additional Information:

Was this helpful?
Support Hub
Product
FlexNet Embedded
Visibility
Guest
URL Name
cve-2019-17571-log4j-vulnerability-impact-on-flexnet-embedded

Related Articles

Create a case with Support
0/255
Upload Attachment
File Upload
Maximum file size allowed is 3 MB.
File type not supported.
Supported file types:
Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to cancel the case creation?

Are you sure you want to close this case

Get Hotline support
Products Region Phone Numbers
FlexNet Operations
FlexNet Embedded
FlexNet Publisher
FlexNet Connect
FlexNet Code Insight
InstallAnywhere
InstallShield 		North America  * +1 630-332-2513 (toll)
+1 877-279-2853 (toll-free in North America)
Europe  * +44 1925 944367 (toll)
+44 800 047 8642 (toll-free in Europe)
Japan  * +81 3-4540-5335 (select option 2)
Australia  * +61 3 9895 2177
+61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics)
Compliance Intelligence 		Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.
Book an Appointment
File Upload
Maximum file size allowed is 3 MB.
File type not supported.
Supported file types:
Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)
+1.800.374.4353
CONTACT US REVENERA.COM FLEXERA.com
© 2026 Flexera Software. All Rights Reserved.
Privacy policy Terms and conditions Flexera Community Contact Us
Loading
CVE-2019-17571: Log4j vulnerability impact on FlexNet Embedded