Article - CS359116
Are the Creo View Adapters (including Adobe Experience Manager) Impacted by the Log4j2 Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)
Modified: 13-Mar-2024
Applies To
- Creo View Adapters 4.2 to 8.1
- Adobe Experience Manager Forms 6.3 to 6.5
Description
- PTC has been made aware that the Adobe Experience Manager Forms on JEE product is potentially vulnerable to a critical zero-day vulnerability reported by Apache Log4j.
- Mitigating Log4j2 vulnerabilities (CVE-2021-44228 and CVE-2021-45046) for Experience Manager Forms has been published by Adobe
- Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- PTC customers that utilize Adobe Experience Manager for Document/Office Publishing with the Creo View Adapters should review the details and proposed mitigation options provided by Adobe for their applicable Adobe Experience Manager versions
- Please see resolution for further details
- The Creo View Client Worker used for Interference Detection and Batch Print does utilize the Creo License Server
- For mitigation of impacts on the Creo License Server, please see CS358831
- All other Creo View Adapters are not affected by this vulnerability
This is a printer-friendly version of Article 359116 and may be out of date. For the latest version click CS359116