Spotlight on SQL Server Enterprise A critical vulnerability was recently discovered related to systems/software that run Apache Log4j. More information about this vulnerability can be found here: National Vulnerability Database - CVE-2021-44228 (nist.gov) This is an industry-wide vulnerability affecting the Apache Log4j itself and is not specific to Spotlight on SQL Server Enterprise. Spotlight on SQL Server Enterprise Versions 13.1, 13.2, 13.2.1, 13.3, 13.4 and 13.5 are affected by CVE-2021-44228. Resolution Upgrade to Spotlight of SQL Server Enterprise versions 13.5.2, 13.4.2 or 13.3.1. Those versions of Spotlight on SQL Server Enterprise have upgraded log4j to version 2.16.0, which is not subject to the CVE-2021-44228 vulnerability. Status Please review the following knowledge article for further updates on this issue. For any questions or assistance on this topic please contact Quest Technical Support. We apologize for the inconvenience this issue may have caused and look forward to assisting you in the future. |