Mitigation-for-Apache-Log4j-CVE-2021-44228-CVE-2021-45046-Vulnerability. |
1) Which versions of Remedy Smart Reporting are vulnerable to CVE-2021-44228 and CVE-2021-45046? Remedy Smart Reporting 20.02 Patch 2 and newer versions are vulnerable to CVE-2021-44228 and CVE-2021-45046. Remedy Smart Reporting 20.02 patch 1 and older versions uses Log4j-1.x.x therefore, this version is NOT IMPACTED with above vulnerabilities. 2) Solution: A detailed description of the vulnerabilities can be found here: Apache Log4j Security Vulnerabilities. Follow the BMC Security Advisory Note on BMC Community for continuous updates and details about this issue. Workaround for Smart Reporting 20.02 Patch 2 is released. Please refer this document for details. |