All product remediation actions provided by PTC will apply to current and actively supported software versions. However, the remediation steps for these versions will be similar or identical to earlier versions that leverage Log4j v1 or v2 and are no longer actively supported by PTC.
PTC strongly encourages customers on non-supported versions to take similar actions to protect their infrastructure and should not assume that previous versions of the software are not impacted by the vulnerabilities disclosed to date. Notably, PTC provides numerous security and performance-related improvements as we release new versions of our software. PTC strongly advocates for customers to leverage supported versions at their earliest opportunity to take advantage of these improvements and have the strongest possible security posture.
PTC believes that addressing cybersecurity threats is a shared responsibility across software providers, customers and active users of the software, partners and software integrators, governments and regulators, and more. PTC remains committed to fulfilling its role as a software provider in this shared responsibility model and strongly encourages other groups – including customers and active users – to fulfill theirs.
For products not listed below, we will provide recommended actions as they become available. Please refer back to this alert for future updates.
If you need to contact PTC, please go to: www.ptc.com/support.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 15, 2021 at 8:08 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 15, 2021 at 8:08 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
https://www.ptc.com/en/support/article/CS358998
Updated December 15, 2021 at 9:45 a.m.
https://www.ptc.com/en/support/article/CS358957
Updated December 23, 2021 at 9:33 a.m.
Not vulnerable to Log4j CVE-2021-44228 vulnerability. Refer to CS358831 for impacts related to the Creo License Server: https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
https://www.ptc.com/en/support/article/CS358990
Updated December 14, 2021 at 11:45 p.m.
https://www.ptc.com/en/support/article/CS359313
Updated December 17, 2021 at 4:11 p.m.
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
https://www.ptc.com/en/support/article/CS358965
Updated December 22, 2021 at 9:22 a.m.
Not vulnerable to Log4j CVE-2021-44228 vulnerability. No further action required.
Updated December 15, 2021 at 8:08 a.m.
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
https://www.ptc.com/en/support/article/CS358831
https://www.ptc.com/en/support/article/CS359127
https://www.ptc.com/en/support/article/CS360340
Updated January 14, 2022 at 9:45 a.m.
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
https://www.ptc.com/en/support/article/CS359116
Updated December 22, 2021 at 9:22 a.m.
Not vulnerable to Log4j CVE-2021-44228 vulnerability.
Updated December 16, 2021 at 3:50 p.m.
Warranty analytics (Service Intelligence) uses IBM Cognos. Please refer to the Cognos section below under "3rd Party Tools/Products" for more details. All other modules are not vulnerable to Log4j CVE-2021-44228 vulnerability.
Updated December 17, 2021 at 9:11 a.m.
https://www.ptc.com/en/support/article/CS358996
Updated December 15, 2021 at 8:45 a.m.
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
https://www.ptc.com/en/support/article/CS359084
Updated December 17, 2021 at 4:19 p.m.
https://www.ptc.com/en/support/article/CS359123
Updated December 17, 2021 at 4:15 p.m.
https://www.ptc.com/en/support/article/CS359320
Updated December 17, 2021 at 5:26 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 15, 2021 at 8:08 p.m.
Resolved 9:30 AM EST Friday, December 10, 2021.
Updated December 14, 2021 at 11:45 p.m.
https://www.ptc.com/en/support/article/CS359312
Updated December 17, 2021 at 4:12 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
https://www.ptc.com/en/support/article/CS359314
Updated December 17, 2021 at 4:17 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability. Analysis of Log4j 1.x underway.
Updated December 14, 2021 at 11:45 p.m.
https://www.ptc.com/en/support/article/CS358886
Updated December 21, 2021 at 11:41 a.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 15, 2021 at 8:08 p.m.
https://www.ptc.com/en/support/article/CS358901
Updated December 15, 2021 at 9:45 a.m.
https://www.ptc.com/en/support/article/CS359107
Updated December 14, 2021 at 5 p.m.
https://www.ptc.com/en/support/article/CS358901
Updated December 14, 2021 at 11:58 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
Resolved 9:28 AM PST Friday, December 14, 2021.
Updated December 16, 2021 at 12:56 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability. This update Includes Vuforia Experience Service and Vuforia View.
Updated December 17, 2021 at 12:08 p.m.
https://www.ptc.com/en/support/article/CS359321
Updated December 17, 2021 at 5:26 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 17, 2021 at 12:09 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
https://www.ptc.com/en/support/article/CS358789
Updated January 12, 2022 at 9:17 a.m. EST
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 21, 2021 at 4:32 p.m.
Not vulnerable to Log4j 2.x vulnerabilities CVE-2021-44228 & CVE 2021-45046. Not vulnerable to Log4j 1.x vulnerability CVE-2021-4104.
Updated December 17, 2021 at 4:07 p.m.
https://www.ptc.com/en/support/article/CS358984
Updated December 20, 2021 at 11:37 a.m.
Not vulnerable to Log4j CVE-2021-44228 vulnerability. Refer to CS358831 for impacts related to the PTC License server:
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
https://www.ptc.com/en/support/article/CS358804
Updated December 14, 2021 at 11:58 p.m.
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 15, 2021 at 8:08 p.m.
Updated as of December 22, 2021. Please refer back to this alert for future updates.
In response to the Log4j security vulnerabilities, PTC Cloud is fully committed to applying all formally recommended actions to protect against Apache Log4j 2 CVE-2021-44228 and CVE 2021-45046 across all technology vectors supported as part of our Cloud service.
As part of that commitment, we remain completely aligned with PTC’s various R&D organizations. As applicable and based on the latest published recommendations, we are proactively and expeditiously executing required actions that best protect our customers against security threats.
PTC Cloud’s latest remediation actions can be found in our most recent published articles referenced under Cloud Products and Cloud 3rd Party sections below.
Across all technology platforms supported as part of our Cloud service, PTC Cloud has taken remediation actions to protect against all known critical vulnerabilities. As of this posting, PTC’s Cloud Security leadership team has determined that based on our hosting parameters, patch version 2.16 is the required patch level needed to remediate across known Log4j critical vulnerabilities.
PTC Cloud Management recognizes the recent release of Log4j patch 2.17; however, as noted above, this patch level is not required to be urgently applied. Accordingly, PTC Cloud will proceed under a standard maintenance process to upgrade to this patch level. Moving forward, we will continue to prioritize our efforts on urgent Log4j remediations requiring time-sensitive responses and actions.
As previously stated, as we react to the Log4j situation, PTC Cloud will continue to act with the utmost urgency. We will do our best to communicate in advance of any action requiring maintenance downtime. However, in some cases, as our top priority is to provide protection and security, we may not be able to plan communication before taking necessary security measures.
We will continue to provide ongoing updates in this central communication forum as required. We recommend that you continuously gain updates through this communication vehicle.
If you have any questions or concerns, please send your inquires to cloudservicemanagement@ptc.com and we will respond to you as soon as possible.
-Cloud Management
For products not listed below, we will provide recommended actions as they become available. Please refer back to this alert for future updates.
If you need to contact PTC, please go to: www.ptc.com/support.
https://www.ptc.com/en/support/article/CS359116
Updated December 22, 2021 at 9:22 a.m.
Refer to the IBM published update page for reported impacts and recommended remediation steps: An update on the Apache Log4j CVE-2021-44228 vulnerability
To address any immediate concerns, Cognos may be turned off until more details are confirmed. Report generation will be disabled until resolved. All other product functionality will remain normal.
Updated December 21, 2021 at 10:28 a.m.
https://confluence.dynatrace.com/community/display/PUBNEWS/Special+Service%3A+AppMon+Log4j+vulnerability+update
Updated December 16, 2021 at 8:53 a.m.
https://www.ptc.com/en/support/article/CS358902
Updated December 14, 2021 at 11:58 p.m.
Refer to the Apache Solr published advisory for Solr related impacts and recommended remediation steps: Apache Solr affected by Apache Log4J CVE-2021-44228
To address any immediate concerns, Solr may be turned off until more details are confirmed. Index Search will be disabled until resolved. All other product functionality will remain normal.
Updated December 21, 2021 at 4:32 p.m.
Refer to the TIBCO published article for TIBCO reported impacts and recommended remediation steps: TIBCO Log4j Vulnerability Daily Update
Updated December 21, 2021 at 10:28 a.m.
Page Not Found
Item not available in English.