This is for the erwin Mart Server product. A critical vulnerability was recently discovered related to systems/software that run Apache Log4j More information about this vulnerability can be found here.
National Vulnerability Database - CVE-2021-44228 (nist.gov)
https://nvd.nist.gov/vuln/detail/CVE-2021-44832
https://nvd.nist.gov/vuln/detail/CVE-2021-45046
Further information on this please click: https://support.quest.com/essentials/log4j-vulnerability-update
This is an industry-wide vulnerability affecting the Apache Log4j itself and is not specific to erwin Mart Server.
Our Development created patch fixes updated to latest log4j v2.17.1 in erwin Mart Server files (which includes latest MartServer.war and few .jar files with upgrade instructions in zip file )
Please download patch fixes for each version
Unzip and follow Upgrade instruction word doc in downloaded file
If you are using erwin Mart Server 2020 R2 SP1 then use erwin Mart Server 2020 R2 SP2 updated .jar, MartServer.war along with steps under erwinMS2020R2 SP2
NOTE: log4j vulnerability is not impacted on erwin Mart version until Mart Server 2020R1, in Mart server versions 2019R1,2018R1,9.8,9.7, 9.6,9.5 we used log4j 1.2.x which is not impacted by the following vulnerabilities.CVE-2021-45105,CVE-2021-45046,CVE-2021-44228,CVE-2021-44832
We only provide patches for Mart server versions 2020R1SP1 onward, Users currently on 2020R1 Mart Server are required to upgrade to at least 2020R1SP1 or higher.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center