技術文章 - CS359116
Are the Creo View Adapters (including Adobe Experience Manager) Impacted by the Log4j2 Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)
修改時間: 04-Mar-2022
套用到
- Creo View Adapters 4.2 to 8.1
- Adobe Experience Manager Forms 6.3 to 6.5
描述
- PTC has been made aware that the Adobe Experience Manager Forms on JEE product is potentially vulnerable to a critical zero-day vulnerability reported by Apache Log4j.
- Mitigating Log4j2 vulnerabilities (CVE-2021-44228 and CVE-2021-45046) for Experience Manager Forms has been published by Adobe
- Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- PTC customers that utilize Adobe Experience Manager for Document/Office Publishing with the Creo View Adapters should review the details and proposed mitigation options provided by Adobe for their applicable Adobe Experience Manager versions
- Please see resolution for further details
- The Creo View Client Worker used for Interference Detection and Batch Print does utilize the Creo License Server
- For mitigation of impacts on the Creo License Server, please see CS358831
- All other Creo View Adapters are not affected by this vulnerability
This is a PDF version of Article CS359116 and may be out of date. For the latest version https://www.ptc.com/tw/support/article/cs359116