Polarion: Not affected by Log4j ("Log4Shell")

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications)
was disclosed that could allow remote unauthenticated attackers to execute code on vulnerable systems.
The vulnerability is tracked by Siemens as CVE-2021-44228 and is also known as "Log4Shell".

On 2021-12-14, an additional denial of service vulnerability (CVE-2021-45046) was published, rendering
the initial mitigations and the fix in version 2.15.0 incomplete under certain non-default configurations.
Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.

On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0).
The potential impact of CVE-2021-45046 now includes, besides denial of service, information
disclosure and local (and potentially remote) code execution.

Siemens is currently investigating to determine which products are affected and is continuously updating
this advisory as more information becomes available.

Polarion is not affected!

Find more details:

Polarion: Polarion ALM 21 R2 is available

The new Polarion ALM 21 R2 is available and ready for update/download. A summary of the new highlights can be found here: Polarion Blog

New features include:

  • Xcelerator Share Integration
  • Table-type Custom Field
  • LiveDoc Collaboration Enhancements
  • LiveDoc Collaboration
  • Improvements to Connectors
  • LiveDoc Sidebar Extensions
  • Derived Document Improvements
  • Announcement: New version of the Polarion MathWorks Simulink connector