We have started to update some immediate remediation procedures and emergency fixes procedures with Log4j 2.17.1 (see history for detail) In parallel, Dassault Systemes has already engaged a plan to remove remaining log4j 1.x libraries from supported Solutions.
This analysis revealed that there is no significant risk to exploit existing vulnerabilities within our Solutions (the vulnerabilities described in above CVE only exist in very specific, non-default and rare configuration that 3DS do not use)
6PM Paris time)įollowing the CVE-2022-23307 publication (but also CVE-2022-23302, CVE-2022-23305, CVE-2021-4104), related to log4j 1.2.x releases, Dassault Systemes has engaged a deep impact analysis.
0 kommentar(er)
