Log4J Security Vulnerability Review
A vulnerability has been disclosed in the Java library Log4J. The vulnerability (known as Log4Shell or CVE-2021-44228) is known to have affected a wide range of software and services.
GTX has evaluated all software products including all 3rd party applications and libraries used and associated with its products
and can confirm that the only vulnerability that could be located was with the Flexera Flex Net Publisher software licensing
application. Specifically, the Network License Manager LMADMIN alerter in the example folder. See the links below:
Flexera Security Advisory Status Page:
Log4j Java Vulnerability (CVE-2021-44228) - External Link to Flexera Website
FlexNet Publisher: "2021 R4 (22.214.171.124), only when using lmadmin alerts example code"
Fixed Version Status: Pending
FlexNet Publisher Knowledge Base Page:
FlexNet-Publisher-Log4j - External Link to Flexera Website
Update (29Dec2021): FlexNet Publisher version 126.96.36.199-SP1 has been released.
If you are using the Network License Manager Lmtools.exe as your GTX license mechanism then this is not affected by the Log4J Java vulnerability issue.