Article - CS359116

Are the Creo View Adapters (including Adobe Experience Manager) Impacted by the Log4j2 Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)

Modified: 13-Mar-2024   


Applies To

  • Creo View Adapters 4.2 to 8.1
  • Adobe Experience Manager Forms 6.3 to 6.5

Description

  • PTC has been made aware that the Adobe Experience Manager Forms on JEE product is potentially vulnerable to a critical zero-day vulnerability reported by Apache Log4j.
  • Mitigating Log4j2 vulnerabilities (CVE-2021-44228 and CVE-2021-45046) for Experience Manager Forms has been published by Adobe
    • Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    • PTC customers that utilize Adobe Experience Manager for Document/Office Publishing with the Creo View Adapters should review the details and proposed mitigation options provided by Adobe for their applicable Adobe Experience Manager versions
    • Please see resolution for further details
  • The Creo View Client Worker used for Interference Detection and Batch Print does utilize the Creo License Server
    • For mitigation of impacts on the Creo License Server, please see CS358831
  • All other Creo View Adapters are not affected by this vulnerability
This is a printer-friendly version of Article 359116 and may be out of date. For the latest version click CS359116