Published: 17:00 CET 13/12/2021
Latest update: 09:30 CET 03/01/2022

Log4j is a popular logging component used within most Java software packages. The current security exposure poses a credible risk to many organizations, as certain exploit code may allow unwanted Remote Code Execution (RCE).

What is the Apache Log4j Security Exposure?

This security bug is widely referred to as “Log4shell”. It was identified on December 9th and categorized as a severe zero-day vulnerability (a documented security bug without a patch) in Log4j. The issue is caused by a weakness in the Log4j library, which allows an unsolicited action on the system. Apache has given this security bug the designation CVE-2021-44228, describing it as an “unauthenticated Remote Code Execution” (RCE).

A second vulnerability in Apache Log4j was identified on December 14th. This is tracked as ‘CVE-2021-45046’. This new issue has already been patched in the recommended update Log4j 2.17.1.

How Can You Determine If You Are Exposed?

Your IT team must determine whether you have any direct or indirect dependencies on Log4j versions between 2.0-beta9 and 2.16.0.
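One way to inventory such dependencies on a server or build output is sketched below. This is an added example, not TECHNIA or Apache tooling. It assumes each bundled log4j-core jar still carries its Maven `pom.properties` metadata, so shaded jars that strip that file are not detected, and it uses the version range stated above.

```python
import io, re, sys, zipfile
from pathlib import Path

POM_SUFFIX = "org.apache.logging.log4j/log4j-core/pom.properties"  # Maven metadata
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort first

def version_key(version):
    """Sortable tuple for versions like 2.0-beta9 or 2.16.0; None if unparsable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", version.lower())
    if not m:
        return None
    major, minor, patch, tag, n = m.groups()
    return (int(major), int(minor), int(patch or 0), PRE_RANK[tag], int(n or 0))

# Range stated on this page: 2.0-beta9 through 2.16.0 inclusive.
LOW, HIGH = version_key("2.0-beta9"), version_key("2.16.0")

def in_page_range(version):
    key = version_key(version)
    return key is not None and LOW <= key <= HIGH

def scan_archive(data, label, depth=0):
    """Yield (location, version) per log4j-core found, including nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a real archive; skip
    with zf:
        for name in zf.namelist():
            if name.endswith(POM_SUFFIX):
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                if m:
                    yield label, m.group(1).strip()
            elif name.lower().endswith(ARCHIVE_EXT) and depth < 5:
                yield from scan_archive(zf.read(name), f"{label}!{name}", depth + 1)

def scan_tree(root):
    """Return [(location, version, in_range)] for every archive under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            for loc, ver in scan_archive(path.read_bytes(), str(path)):
                hits.append((loc, ver, in_page_range(ver)))
    return hits

if __name__ == "__main__":
    for loc, ver, hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(("IN RANGE " if hit else "ok       ") + f"{ver}  {loc}")
```

Run it against an application or deployment directory; a location such as `app.war!WEB-INF/lib/...` indicates an indirect dependency bundled inside another archive.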

How Can You Mitigate This Issue?

If you are using an affected version of Log4j (2.0-beta9 to 2.16.0) and using a Java version earlier than version 11:

What Are TECHNIA Doing About This?

We have analyzed all TECHNIA Software offerings and, according to presently available information, we do not believe our products are vulnerable to Log4shell exploitation. We will, however, continue to actively monitor and analyze the situation as new information becomes available.

  • We have determined that we do not have any direct dependencies on affected versions.
  • We are reviewing all ongoing consulting engagements and have not identified any dependencies on affected versions.
  • We are working with our partners to coordinate our investigation and potential mitigation efforts.

Should you have any specific inquiries about this topic, please contact us at [email protected].

Updates will be posted to this page as additional information becomes available.

What Are Dassault Systèmes Doing About This?

Dassault Systèmes has recently released a statement regarding the Apache Log4j Security Exposure:

  • “We are very aware of the potential impact this issue may have on you, our customer, and we wish to assure you that this matter has our highest priority focus.
  • In the meantime, please refer to the following article, on our knowledge base, for further information.
  • Should you have any further questions, please contact us, via a Support Request ticket from our support site at ‘submit a request (3ds.com)’.”

Government & Partner Guidance

Dassault Systèmes | Atlassian | UK Government | US Government | German Government | Dutch Government | Norwegian Government
