Published: 17:00 CET 13/12/2021
Latest update: 09:30 CET 03/01/2022

Log4j is a popular logging component used within most Java software packages. The current security exposure poses a credible risk to many organizations, because exploit code may allow unwanted Remote Code Execution (RCE).

What is the Apache Log4j Security Exposure?

This security bug is widely referred to as “Log4shell”. It was identified on December 9th and categorized as a severe zero-day vulnerability (a documented security bug without a patch) in Log4j. The issue is caused by a weakness in the Log4j library, which allows an unsolicited action on the system. Apache has given this security bug the designation CVE-2021-44228, referring to an “unauthenticated Remote Code Execution” (RCE).

A second vulnerability in Apache Log4j was identified on December 14th. This is tracked as ‘CVE-2021-45046’. This new issue has already been patched in the recommended update Log4j 2.17.1.

How Can You Determine If You Are Exposed?

Your IT team must determine if you have any direct or indirect dependencies on Log4j versions between 2.0-beta9 and 2.16.0.
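One way to run this check on a server or build output, as an added example that is not TECHNIA's or Apache's code: the script below walks a directory, opens every Java archive (including archives nested inside WAR/EAR/fat JAR files) and reports copies of log4j-core whose version falls in the range above. It assumes log4j-core keeps its Maven `pom.properties` metadata inside the jar; the function names and the directory passed on the command line are hypothetical.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Maven metadata that log4j-core carries inside its jar; it survives a jar rename.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear", ".zip")
VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)
RANK = {"alpha": 0, "beta": 1, "rc": 2, "": 3}  # pre-releases sort before the release
LOW, HIGH = (2, 0, 0, 1, 9), (2, 16, 0, 3, 0)   # 2.0-beta9 .. 2.16.0, the range given above

def is_affected(version):
    """True if version is inside the range; unparseable versions are flagged for review."""
    m = VERSION.match(version.strip())
    if not m:
        return True
    major, minor, patch, tag, num = m.groups()
    key = (int(major), int(minor), int(patch or 0), RANK[(tag or "").lower()], int(num or 0))
    return LOW <= key <= HIGH

def scan_archive(data, label, depth=0, max_depth=4):
    """Return [(location, version)] for affected log4j-core copies, following nested archives."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for name in zf.namelist():
            if name == POM:
                props = zf.read(name).decode("utf-8", "replace")
                found = re.search(r"^version=(.+)$", props, re.M)
                version = found.group(1).strip() if found else "unknown"
                if is_affected(version):
                    hits.append((label, version))
            elif name.lower().endswith(ARCHIVES) and depth < max_depth:
                hits += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    return hits

def scan_tree(root):
    """Scan every archive under root, e.g. an application install directory."""
    files = [p for p in sorted(Path(root).rglob("*")) if p.is_file() and p.name.lower().endswith(ARCHIVES)]
    return [hit for p in files for hit in scan_archive(p.read_bytes(), str(p))]

if __name__ == "__main__":
    for location, version in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{version}\t{location}")
```

A copy of Log4j whose Maven metadata has been stripped will not be reported, so an empty result narrows the search rather than proving absence.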

How Can You Mitigate This Issue?

If you are using an affected version of Log4j (2.0-beta9 to 2.16.0) and using a Java version earlier than version 11:

What Are TECHNIA Doing About This?

We have analyzed all TECHNIA Software offerings and, according to presently available information, we do not believe our products are vulnerable to Log4shell exploitation. We will, however, continue to actively monitor and analyze the situation as new information becomes available.

  • We have determined that we do not have any direct dependencies on affected versions.
  • We are reviewing all ongoing consulting engagements and have not identified any dependencies on affected versions.
  • We are working with our partners to coordinate our investigation and potential mitigation efforts.

Should you have any specific inquiries about this topic, please contact us at [email protected]. Updates will be posted to this page as additional information becomes available.

What Are Dassault Systèmes Doing About This?

Dassault Systèmes has recently released a statement regarding the Apache Log4j Security Exposure:

  • “We are very aware of the potential impact this issue may have on you, our customer, and we wish to assure you that this matter has our highest priority focus.
  • In the meantime, please refer to the following article, on our knowledge base, for further information.
  • Should you have any further questions, please contact us, via a Support Request ticket from our support site at ‘submit a request (3ds.com)’.”

Government & Partner Guidance

Dassault Systèmes | Atlassian | UK Government | US Government | German Government | Dutch Government | Norwegian Government
