Fix available for Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105
BMC Software is alerting users to the Apache Log4j vulnerabilities that require immediate attention in BMC Helix Innovation Suite on-premises in version 21.05.02.
If you have any questions related to these vulnerabilities, contact Customer Support.
January 5, 2022
A zero-day exploit for the following vulnerabilities was publicly released:
CVE-2021-44228 (code named Log4Shell) on December 9, 2021
CVE-2021-45046 on December 14, 2021
- CVE-2021-45105 on December 18, 2021
A detailed description of the vulnerability can be found here: Apache Log4j Security Vulnerabilities .
Please follow the BMC Security Advisory Note on BMC Community for continuous updates and details about this issue.
We recommend that you immediately apply the fix as described in this topic.
|Defect ID||CVSS v3 rating||Description|
|DRD21-14017||9.8||Apache Log4j Security Vulnerability (CVE-2021-44228 and CVE-2021-45046 ) are identified in BMC Helix Innovation Suite.|
You must upgrade to BMC Helix Innovation Suite version 21.3.02 that contains the fix for this vulnerability.
Log in or register to comment.