Summary

A vulnerability identified as CVE-2021-44832 has been reported Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.

Problem Description

Upon analysis, CVE-2021-44832 FNP does not use any JNDI data source 

FNP is not vulnerable to log4j vulnerability. To avoid this security issue customers can also modify it on their own, this applies to all the FNP versions until 11.19.1.0

Workaround

Download the latest version of log Log4j like 2.18 or later then replace the following file in this path C:\Program Files\FlexNet Publisher 64-bit License Server Manager\examples\alerter\lib 

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2021-44832