-
Title
JAVA Log4J Vulnerability Alert Mitigation For erwin MART -
Description
This is for the erwin Mart Server product. A critical vulnerability was recently discovered related to systems/software that run Apache Log4j More information about this vulnerability can be found here.
National Vulnerability Database - CVE-2021-44228 (nist.gov)
https://nvd.nist.gov/vuln/detail/CVE-2021-44832
https://nvd.nist.gov/vuln/detail/CVE-2021-45046
https://nvd.nist.gov/vuln/detail/CVE-2021-45105Further information on this please click: https://support.quest.com/essentials/log4j-vulnerability-update
-
Cause
This is an industry-wide vulnerability affecting the Apache Log4j itself and is not specific to erwin Mart Server.
-
Resolution
Our Development created patch fixes updated to latest log4j v2.17.1 in erwin Mart Server files (which includes latest MartServer.war and few .jar files with upgrade instructions in zip file )
Please download patch fixes for each version
Unzip and follow Upgrade instruction word doc in downloaded file
If you are using erwin Mart Server 2020 R2 SP1 then use erwin Mart Server 2020 R2 SP2 updated .jar, MartServer.war along with steps under erwinMS2020R2 SP2
NOTE: log4j vulnerability is not impacted on erwin Mart version until Mart Server 2020R1, in Mart server versions 2019R1,2018R1,9.8,9.7, 9.6,9.5 we used log4j 1.2.x which is not impacted by the following vulnerabilities.CVE-2021-45105,CVE-2021-45046,CVE-2021-44228,CVE-2021-44832
We only provide patches for Mart server versions 2020R1SP1 onward, Users currently on 2020R1 Mart Server are required to upgrade to at least 2020R1SP1 or higher.