Article - CS358902

Is PingFederate Impacted by the Log4j2 Vulnerability (CVE-2021-44228)

Modified: 13-Dec-2021   


Applies To

  • ThingWorx Platform 8.4
  • ThingWorx Navigate 1.7.0
  • Windchill ProjectLink 11.0
  • Windchill PDMLink 11.0
  • Windchill MPMLink 11.0
  • Windchill RV&S (formerly Integrity Lifecycle Manager) 12.1
  • Vuforia Experience Service 8.5.5
  • PTC Arbortext Content Delivery (formerly Servigistics InService) 7.1.4.0
  • Windchill Modeler (formerly Integrity Modeler) 9.4
  • And all later versions

Description

  • PTC has been made aware that the Ping Identity Ping Federate product is potentially vulnerable to a critical zero-day vulnerability reported by Apache Log4j.

CVE-2021-44228 has been published by Apache

  • Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • PTC customers that utilize Ping Federate in their SSO configurations for PTC SSO enabled products should review the details and proposed mitigation options provided by Ping Identity for their applicable Ping Federate version(s).
This is a PDF version of Article CS358902 and may be out of date. For the latest version click https://www.ptc.com/en/support/article/CS358902