Published on: December 20, 2021
Summary
Systemware continues our analysis of the remote code execution vulnerability (CVE-2021-45105) related to Apache Log4j2 (a logging tool used in many Java-based applications) disclosed on 18 Dec 2021. This vulnerability affects Apache Log4j2 versions 2.0-alpha1 through 2.16.0.
No release of Systemware Content Cloud software prior to Version 7 is impacted.
Solution
All current releases of Systemware Content Cloud Version 7 are now being remediated.
To address this vulnerability, Systemware updated our code from using log4j 2.16.0 to now use log4j 2.17.0. We updated our code on Saturday, December 18, and continue testing.
For any customer currently running Content Cloud Version 7.*, please contact technical support via phone, (972) 239-2803, or email (techsupport@systemware.com) and provide your current release levels for Cloud Manager, Content Integrator, Content Server DS, and Content Store. We will provide an updated build that is not subject to this vulnerability.
Mitigation
Systemware recommends an upgrade to the latest version of Content Cloud dated on or after December 21, 2021.
This is an immediate remediation.
