Lynkoa

Product information - security breach in log4j library

Datum 21 December 2021 von Coralie

Government security agencies in many countries (FranceUKGermanyUSA) have reported on December 10, 2021 an important security vulnerability in a library very commonly used in all projects and software developed in Java. This vulnerability, identified in the Apache Log4j library used for logging, is likely to allow cyber attackers to take control of information systems.

This vulnerability, also called "log4shell", is caused by a Log4j feature introduced in versions 2.x allowing, by interpreting a string in a logged message, to connect to a remote site without authentication or to execute code directly. This is a global security vulnerability and is rated as level 10 by the Apache Foundation.

As soon as this alert was issued and following investigations by its own cybersecurity teams, Dassault Systèmes implemented remediation actions and communicated to its customers through its knowledge base.

The table below summarizes the impact of this vulnerability on its software, as communicated by Dassault Systèmes.

Update on Dassault Systèmes' software

 

Solution

Action to be taken

3DEXPERIENCE SaaS

Update to be performed (HF0.4) for each user

3DEXPERIENCE On Premise

According to the version - Consult the Dassault Systèmes Knowledge Base or contact Visiativ support (support@mycadservices.com)

Software suite SolidWorks and PDM

Not affected – no action to be taken

SmarTeam

According to the version - Consult the Dassault Systèmes Knowledge Base or contact Visiativ support (support@mycadservices.com)

Situation updated on 20/12/2021 at 16h00

This table will be updated as information is received from Dassault Systèmes.

If you rely on the actions recommended by Dassault Systèmes in the Knowledge Base article, you are strongly advised to consult this article on a regular basis to ensure that the actions to be performed have not been modified and have not been enriched by additional actions.

Concerning tools related to Dassault Systèmes software developed by VISIATIV (myCadServices, my3Dplayer, myCADplace, myProduct, myCADtools, myApps), they are not affected by this vulnerability. The same applies to specific developments made by VISIATIV in projects.

Your data protection remains our priority and our teams work continuously to bring you more reliable and secure services.

Teilen

Diesen page mailen

1 commentaires pour Product information - security breach in log4j library

von tiffanypalo132 | 65 point(s)

your post has lots of information that i get from you