[updated on 2021 12 16 1417 12:00 GMT+1]

More about the issue: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

...

  • Teamwork Cloud (release 2021x Refresh1, 2021x Refresh2)
  • Cameo Collaborator for Teamwork Cloud (release 2021x Refresh1, 2021x Refresh2)
  • MagicDraw (release 2021x Refresh1, 2021x Refresh2)
  • Cameo Systems Modeler (release 2021x Refresh1, 2021x Refresh2)
  • Cameo Enterprise Architecture (release 2021x Refresh1, 2021x Refresh2)

To Do: You have an action to perform. See Remediation.

FlexNet Publisher 

  • lmadmin (FlexNet Publisher 64-bit License Server Manager)

To Do: You have an action to perform if you are using the lmadmin Alerter Service. For more information, see here.


Apache Log4j2 version 2.0-2.14.1 is part of the following products; however, it is not used for logging. No action to perform.

...

For modeling tools (Magic Software Architect, Magic Cyber Systems Engineer, Magic Systems of Systems Architect, MagicDraw, Cameo Systems Modeler, Cameo Enterprise Architecture)

Option 1

  1. Download the latest log4j 2.15.0 patched version.
  2. Replace all log4j 2.x jar files with their respective equivalents from the downloaded version 2.15.0 zip file while keeping the original file name.

...

See the detailed procedure to mitigate the risk concerning the CVE-2021-44228 vulnerability

Option 2

You may prevent lookups in the log event message by adding a parameter via the command line or in the <modeling tool>.properties file.

Configuring the <modeling tool>.properties file

...

Code Block
-Dlog4j.formatMsgNoLookups=true

For example:  

Code Block
JAVA_ARGS=-Xmx4000M -DLOCALCONFIG\=true -splash\:data/splash.png -Dmd.class.path\=$java.class.path -Dcom.nomagic.osgi.config.dir\=configuration -Desi.system.config\=data/application.conf -Dlogback.configurationFile\=data/logback.xml -Dsun.locale.formatasdefault\=true -Dinitial.user.language\=en -Xss1024K -Dlog4j.formatMsgNoLookups=true
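
A way to verify both options on a modeling-tool installation, as an added example that is not part of the original advisory or any vendor tooling. Because Option 1 keeps the original jar file names, the file name no longer tells you the version, so the script reads the version from the Maven pom.properties inside each jar (assumed to be present, as it normally is in Maven-built jars) and then checks JAVA_ARGS for the Option 2 parameter. The function names and the idea of scanning the whole installation directory are assumptions of this example.

```python
import re
import sys
import zipfile
from pathlib import Path

FLAG = "-Dlog4j.formatMsgNoLookups=true"   # Option 2 parameter from the advisory
FIXED = (2, 15, 0)                          # Option 1 target version from the advisory
POM_RE = re.compile(
    r"META-INF/maven/org\.apache\.logging\.log4j/(log4j-[\w.-]+)/pom\.properties$")

def jar_log4j_version(jar_path):
    """Return (artifact, version) read from inside the jar, or None if not Log4j 2."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            for name in jar.namelist():
                hit = POM_RE.match(name)
                if hit:
                    text = jar.read(name).decode("utf-8", "replace")
                    ver = re.search(r"^version=(.+)$", text, re.M)
                    return hit.group(1), (ver.group(1).strip() if ver else "unknown")
    except (zipfile.BadZipFile, OSError):
        pass  # truncated or unreadable jar: not identifiable, skip it
    return None

def parse_version(version):
    """'2.14.1' -> (2, 14, 1); unparsable strings give () and sort as outdated."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])

def audit_install(root):
    """List (relative path, artifact, version) for Log4j 2 jars older than FIXED."""
    stale = []
    for jar in sorted(Path(root).rglob("*.jar")):
        info = jar_log4j_version(jar)
        if info and parse_version(info[1]) < FIXED:
            stale.append((jar.relative_to(root).as_posix(), info[0], info[1]))
    return stale

def java_args_has_flag(properties_path):
    """True if JAVA_ARGS in a <modeling tool>.properties file carries FLAG."""
    text = Path(properties_path).read_text(encoding="utf-8", errors="replace")
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "JAVA_ARGS":
            # .properties files may escape '=' and ':' inside the value
            return FLAG in value.replace("\\=", "=").replace("\\:", ":").split()
    return False

if __name__ == "__main__":   # usage: script.py <install dir> <properties file>
    for path, artifact, version in audit_install(sys.argv[1]):
        print(f"OUTDATED {artifact} {version}: {path}")
    print("formatMsgNoLookups set:", java_args_has_flag(sys.argv[2]))
```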

...


For collaboration tools (Magic Collaboration Studio, Cameo Collaborator for Teamwork Cloud, Teamwork Cloud)

Option 1

You may prevent lookups in the log event message by adding a parameter via the command line or in the Web Application Platform setenv.sh / setenv.bat properties file.

...