Is PingFederate Impacted by the Log4j2 Vulnerability (CVE-2021-44228)
Applies To
- ThingWorx Platform 8.4
- ThingWorx Navigate 1.7.0
- Windchill ProjectLink 11.0
- Windchill PDMLink 11.0
- Windchill MPMLink 11.0
- PTC RV&S (formerly Integrity Lifecycle Manager) 12.1
- Vuforia Experience Service 8.5.5
- PTC Arbortext Content Delivery (formerly Servigistics InService) 7.1.4.0
- PTC Modeler 9.4
- And all later versions
Description
- PTC has been made aware that the Ping Identity Ping Federate product is potentially vulnerable to a critical zero-day vulnerability reported by Apache Log4j.
CVE-2021-44228 has been published by Apache
- Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- PTC customers that utilize Ping Federate in their SSO configurations for PTC SSO enabled products should review the details and proposed mitigation options provided by Ping Identity for their applicable Ping Federate version(s).