This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment.

To view the documentation for the latest version, select 21.3.06 from the Product version picker.

Fix available for Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105

BMC Software is alerting users to the Apache Log4j vulnerabilities that require immediate attention in BMC Helix Innovation Suite on-premises in version 21.05.02.

If you have any questions related to these vulnerabilities, contact Customer Support.

January 5, 2022

A zero-day exploit for the following vulnerabilities was publicly released:

  • CVE-2021-44228 (code named Log4Shell) on December 9, 2021

  • CVE-2021-45046 on December 14, 2021

  • CVE-2021-45105 on December 18, 2021

A detailed description of the vulnerability can be found here:  Apache Log4j Security Vulnerabilities .

Please follow the BMC Security Advisory Note on BMC Community for continuous updates and details about this issue.

We recommend that you immediately apply the fix as described in this topic.


Defect IDCVSS v3 ratingDescription
DRD21-140179.8Apache Log4j Security Vulnerability (CVE-2021-44228 and CVE-2021-45046 ) are identified in BMC Helix Innovation Suite.


You must upgrade to BMC Helix Innovation Suite version 21.3.02 that contains the fix for this vulnerability. 

Was this page helpful? Yes No Submitting... Thank you