The remote code execution vulnerability (CVE-2021-44228) in Apache Log4j (a logging tool used in many Java-based applications) was disclosed on 9 Dec 2021. Does this impact any area of the Tecnomatix architecture, such as Oracle DB/eMServer/eMS Agent/eMClient configurations?
Solution
Short answer: It does not affect Tecnomatix.
Long answer:
Two components in Tecnomatix use Log4j:
1. Resource Browser
2. eBOP
Both distribute their own versions of Log4j, but both are Log4j 1 (not 2).
Log4j 1 does not support the JNDI feature that contains this vulnerability.
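To confirm on an installed system which Log4j generation a bundled archive carries, the following added example (not code from the vendor or from this article) classifies each archive by the classes it contains. The marker class paths, the result labels and the helper names are assumptions of this example, and a repackaged or relocated copy of Log4j would not match them.

```python
import io
import sys
import zipfile
from pathlib import Path

# Marker class paths (assumptions of this example, not taken from the article).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # Log4j 2 core
LOG4J1_PREFIX = "org/apache/log4j/"                                     # Log4j 1 package
ARCHIVES = (".jar", ".war", ".ear")

def classify(data, depth=0):
    """Return 'log4j2-jndi', 'log4j1' or 'none' for the bytes of one archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "none"
    found = "none"
    with zf:
        for name in zf.namelist():
            if name == JNDI_LOOKUP:
                return "log4j2-jndi"          # the class CVE-2021-44228 depends on
            if name.startswith(LOG4J1_PREFIX) and name.endswith(".class"):
                found = "log4j1"
            elif name.lower().endswith(ARCHIVES) and depth < 3:
                inner = classify(zf.read(name), depth + 1)  # archive inside archive
                if inner == "log4j2-jndi":
                    return inner
                if inner == "log4j1":
                    found = inner
    return found

def scan(root):
    """Map each archive under root to its classification, skipping 'none'."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            kind = classify(path.read_bytes())
            if kind != "none":
                results[str(path)] = kind
    return results

def make_jar(entries):
    """Build a constructed sample archive in memory from (name, bytes) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries:
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    for path, kind in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{kind:12} {path}")
```

Pass the installation directory as the first argument; any archive reported as log4j2-jndi contradicts the Log4j 1 finding above and needs a closer look.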
Notes and References
Hardware/Software Configuration
Platform: INTL64
OS: windows
OS Version: n/a
Product: TECNOMATIX
Application: PROCESS_SIMULAT
Version: V15.1
Function: BACKBONE_INTEG
Ref: 001-10230472