Restricted Mitigating the Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105
BMC Software is alerting users to the Apache Log4j vulnerabilities that require immediate attention in version 11.0 of TrueSight Presentation Server.
If you have any questions about the problem, contact Customer Support.
December 22, 2021
Issues
Zero-day exploits for the following vulnerabilities were publicly released:
- CVE-2021-44228 (code named Log4Shell) on December 9th, 2021
- CVE-2021-45046 on December 14th, 2021
- CVE-2021-45105 on December 18th, 2021
A detailed description of the vulnerabilities can be found here: Apache Log4j Security Vulnerabilities
Follow the BMC Security Advisory Note on BMC Community for continuous updates and details about this issue.
Resolution
To mitigate this vulnerability, perform the following steps:
- From the Electronic Product Distribution (EPD) website, download the Log4j Security Fix Patch for TrueSight Presentation Server _11.0 file.
- Refer to the Security_Fixes_TSPS_11.0_Log4j-2.17.0_Readme files that you downloaded for instructions on applying the hotfix and apply the hotfix on TrueSight Presentation Server 11.0.
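
After the hotfix is applied, one way to confirm that no log4j-core jar below 2.17.0 remains is to scan the installation directory. This is an added example, not BMC's code or part of the hotfix; the directory argument and the status labels are assumptions, and the 2.17.0 threshold is taken from the readme name above.

```python
import os
import re
import sys
import zipfile

FIXED = (2, 17, 0)  # Log4j version named in the hotfix readme on this page
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?.*\.jar$", re.I)
MANIFEST_RE = re.compile(r"^Implementation-Version:\s*(\d+)\.(\d+)(?:\.(\d+))?", re.M)

def _as_tuple(match):
    return tuple(int(g or 0) for g in match.groups())

def jar_version(path):
    """Return (major, minor, patch) of a log4j-core jar, or None if unknown.
    The manifest is read first because a jar file can be renamed."""
    try:
        with zipfile.ZipFile(path) as zf:
            text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        match = MANIFEST_RE.search(text)
        if match:
            return _as_tuple(match)
    except (KeyError, zipfile.BadZipFile, OSError):
        pass  # no manifest or unreadable archive: fall back to the file name
    match = NAME_RE.search(os.path.basename(path))
    return _as_tuple(match) if match else None

def scan(root):
    """Return sorted (path, version, status) for each log4j-core*.jar under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            if low.startswith("log4j-core") and low.endswith(".jar"):
                path = os.path.join(dirpath, name)
                ver = jar_version(path)
                status = ("UNKNOWN" if ver is None
                          else "OUTDATED" if ver < FIXED else "OK")
                findings.append((path, ver, status))
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    # Assumption: pass the Presentation Server installation directory as argv[1].
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, ver, status in results:
        print(status, ".".join(map(str, ver)) if ver else "?", path)
    sys.exit(1 if any(s != "OK" for _, _, s in results) else 0)
```

Jars nested inside other archives are not opened, so a clean result covers only the loose jar files on disk.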