INDEX: Log4j vulnerability impact on FlexNet Operations

Title

This article is an extension of the Log4j security advisory and serves to consolidate impact and mitigation details of related Log4j vulnerabilities with regards to FlexNet Publisher.

FlexNet Product Assessment by Component:

FlexNet Operations ALM

Component	Current Log4J Version	Fixed Version
ALM (core module)	2.17.0	[Resolved] 2022.03: Upgrade to 2.17.2
LFS	2.17.1	[Resolved] 2022.02: Upgraded to 2.17.1
CLS	N/A	[Resolved] 2022.02: Migrated from Log4J to Logback 1.2.9
UAS	1.x	[Resolved] 2022.03: Upgrade to 2.17.2
ESD	1.x	2022.04: Upgrade to 2.17.2
NS	2.16.0	[Resolved] 2022.03: Upgrade to 2.17.2
Reporter SSO*	1.x	2022.04: Upgrade to 2.17.1

*Reporter SSO is internally used by the FlexNet Operations system, no expected customer impact.

FlexNet Operations LLM

Component	Current Log4J Version	Fixed Version
LLM (core module)	N/A	N/A
LFS	2.17.1	[Resolved] 2022.02: Upgraded to 2.17.1
CLS	N/A	[Resolved] 2022.02: Migrated from Log4J to Logback 1.2.9
UAS	1.x	[Resolved] 2022.03: Upgrade to 2.17.2
ESD	1.x	2022.04: Upgrade to 2.17.2
Reporter SSO*	1.x	2022.04: Upgrade to 2.17.1

*Reporter SSO is internally used by the FlexNet Operations system, no expected customer impact.

FlexNet Operations Product Assessment by CVE:

Product	CVE	Potential Exposure	Fixed Version	Mitigation Resources
FlexNet Operations ALM	CVE-2021-44228	Yes	2022.01	Upgraded to Log4j 2.17.0 Core module Updates and Insights
	CVE-2021-45046	Yes	2022.03	To be upgraded to Log4j 2.17.1 Core module Updates and Insights
	CVE-2021-45105	Yes	2022.03	To be upgraded to Log4j 2.17.1 Core module Updates and Insights
	CVE-2021-44832	Yes	2022.01	Upgraded to Log4j 2.17.0 Core module Updates and Insights To be upgraded to Log4j 2.17.1 (2022.03)
	CVE-2021-4104	Yes	2022.03	To be upgraded to Log4j 2.17.1 LFS UAS CLS
	CVE-2019-17571	Yes	2022.03	To be upgraded to Log4j 2.17.1 LFS UAS CLS
FlexNet Operations LLM	CVE-2021-44228	No	N/A	N/A
	CVE-2021-45046	No	N/A	N/A
	CVE-2021-45105	No	N/A	N/A
	CVE-2021-44832	No	N/A	N/A
	CVE-2021-4104	Yes	2022.03	To be upgraded to 2.17.1
	CVE-2019-17571	No	N/A	N/A
FlexNet Operations On-Premises	CVE-2021-44228	Yes	2021 R1 Hotfix	KB Article
	CVE-2021-45046	Yes	2021 R1 Hotfix	KB Article
	CVE-2021-45105	Yes	2021 R1 Hotfix	KB Article
	CVE-2021-44832	Yes	Pending	To be upgraded to Log4j 2.17.1 Core module Updates and Insights
	CVE-2021-4104	Yes	Pending	To be upgraded to Log4j 2.17.1 LFS UAS CLS
	CVE-2019-17571	Yes	Pending	To be upgraded to Log4j 2.17.1 LFS UAS CLS

Was this helpful?

Support Hub

Product

FlexNet Operations

Visibility

Guest

URL Name

index-log4j-vulnerability-impact-on-flexnet-operations

Are you sure you want to cancel the case creation?

Case closed successfully

Action performed successfully

Upload Attachment

Maximum file size allowed is 3 MB.

File type not supported.

Supported file types:

Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to close this case

Get Hotline support

Products	Region	Phone Numbers
FlexNet Operations FlexNet Embedded FlexNet Publisher FlexNet Connect FlexNet Code Insight InstallAnywhere InstallShield	North America *	+1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America)
	Europe *	+44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe)
	Japan *	+81 3-4540-5335 (select option 2)
	Australia *	+61 3 9895 2177 +61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics) Compliance Intelligence	Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.

FlexNet Product Assessment by Component:

*Reporter SSO is internally used by the FlexNet Operations system, no expected customer impact.

*Reporter SSO is internally used by the FlexNet Operations system, no expected customer impact.

FlexNet Operations Product Assessment by CVE:

Related Articles

Please wait...

Case id: 00001065