MES log4j Security Information
According to our security review none of our MES applications have been affected by CVE-2021-44228.
The implemented versions of log4j are not affected, JNDI/JMS Appender are not in use.
Please find all details for previous tool versions below. All newer tool version are not affected. We recommend using Flexnet Publisher (FNP) version 11.19.1 for all license server installations. You can download the MES FNP package here.
Product | Version | Desktop Application | Server Application | Background | CVE-2021-44228 Log4j 2.0-beta9 to 2.14.1 |
Flexnet Publisher | 11.14.0 11.16.4 11.17.0.0 11.17.1 |
x | Log4j Version 1.X | Not affected | |
11.18.3.0 | x | Log4j Version 2.15.X | May affect | ||
11.18.3.1 11.19.1 |
x | Log4j Version 2.17.0 | Not affected | ||
MXAM | 4.X – 7.X | x | Log4j Version 1.2.16 | Not affected | |
From 8.0 | x | Log4j Version 2.17.1 | Not affected | ||
MTest | 5.0 – 7.7 | x | Log4j Version 1.2.15 | Not affected | |
MES Plugin for Jenkins | 1.0 – 2.0 | x | No individual logger in use | Not affected | |
MXRAY | 2.0 - 4.3 | x | No individual logger in use | Not affected | |
MoRe | 1.0-2.X | x | No individual logger in use | Not affected |