Impact of recently released CVE-2021-44228 on "Log4Shell" on Winshuttle applications
All versions of Enterworks are impacted by CVE-2021-44228 - "Log4Shell"
The following Enterworks services are impacted:
- Core Enterworks Services: Engineering currently testing remediation steps. ETA 12/16
- Enable Server Tomcat - log4j-core-2.3.jar
- Enable Server Jboss Controller - log4j-core-2.3.jar
- Enable Server Jboss Worker - log4j-core-2.3.jar
- Elasticsearch Service - 5.02 version out of date
- Jasper Reports
Please download the following two files attached below:
Follow the instructions in the readme.txt
Then, complete the ElasticSearch and Fusion steps in the manual documentation below, if those are in use in your environment.
Please download the following 3 files:
Follow the instructions in the PDF document within your Enterworks infrastructure.
If you need the Infolink .war file mentioned on page 6 of the PDF, you can download it here: https://ws.onehub.com/workspaces/557585/folders/2503869742 Please put in a support ticket if you can not access this folder.
In regards to Jasper Reports: We are monitoring Tibco support for remediation: https://support.tibco.com/s/article/Apache-Log4J-Vulnerability-and-Impact-to-TIBCO-Products-and-Services
With regards to the impact of recently released CVE-2021-44228 aka "Log4Shell"(the “Affected Software”) within our current product offerings, please be aware that we are currently conducting our internal assessment across our entire product and service portfolio to determine which may be affected and the associated remediation guidelines if required. We will be releasing product specific information and recommended response steps following our assessment protocol. We are also assessing our infrastructure and key suppliers and partners to determine if they have been impacted by the Affected Software.
We will update this page with more information shortly.