Product Shortcuts

OfficeExpert

MarvelClient

iDNA Applications

ConnectionsExpert

SecurityInsider

Versions Compared

Old Version 29

changes.mady.by.user markus sablatnig [panagenda]

Saved on

compared with

New Version 30

changes.mady.by.user markus sablatnig [panagenda]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note
titleRegarding Metabase

Metabase includes Log4j and is vulnerable to CVE-2021-44228. For a first fix we update to Metabase 0.40.7 (which includes Log4j 2.15.0 and protects from the remote code execution exploit).

The more recently discovered CVE-2021-45046 requires Log4j 2.16.0 for which no Metabase release is available yet. 
However: this newer CVE is far less critical, and according to Metabase developers it should not even be affected by it. Still, we are waiting for a new Metabase version and will create new releases once it is available just to be as safe as possible. In the meantime, if

If you are unsureuncomfortable with CVE-2021-45046, you can update to the fix version for the original CVE and manually turn off Metabase in the affected productsfor now:

  • Connect to the appliance with ssh or putty

  • For GreenLight:

    Code Block
    docker stop gl_metabase

  • For OfficeExpert and iDNA Applications:

    Code Block
    docker stop panagenda_metabase


Overview and Status

Upgrading iDNA Applications
ProductCVE-2021-44228Fix StatusFix Release
CVE-2021-45046Fix Status (all CVEs)Fix Release
How To Upgrade
ApplicationInsightsvulnerable - fix availablereleased - Dec 141.6.3
vulnerable - fix availablereleased - Dec 141.6.3
Upgrade ApplicationInsights (≥ v1.5.1)
ConnectionsExpert 2.xvulnerable - fix availablereleased - Dec 152.1.3
vulnerable - fix availablereleased - Dec 152.1.3
Upgrade ConnectionsExpert (> v2.0)
ConnectionsExpert 3.xvulnerablein testing3.0.2
vulnerablein testing3.0.2
Upgrade ConnectionsExpert (> v2.0)
GreenLightvulnerable - fix availablereleased - Dec 154.5.0
vulnerable - fix available

released - Dec 15

4.5.0


Upgrading GreenLight - only for >=3.5.x





Metabase potentially vulnerable 1)waiting for Metabase4.5.1

iDNAvulnerablein testing2.11.1
vulnerablein testing2.11.1
please contact support
iDNA Applicationsvulnerable - fix availablereleased - Dec 132.1.2
vulnerable - fix availablereleased - Dec 132.1.2
Upgrading iDNA Applications





Metabase potentially vulnerable1)waiting for Metabase2.1.3

MarvelClientsafe


safe



OfficeExpertvulnerable - fix availablereleased - Dec 144.3.3
vulnerable - fix availablereleased - Dec 144.3.3
Upgrading OfficeExpert





Metabase potentially vulnerable 1)waiting for Metabase4.3.4

OfficeExpert EPMsafe


safe



SecurityInsider / GroupExplorersafe


safe



SmartChangersafe


safe













Document Properties Plugin

safe


safe



LogViewer Pluginsafe


safe



Network Monitor Pluginsafe


safe



PrefTree Pluginsafe


safe



Tabzilla Pluginsafe


safe



Timezone Helper Pluginsafe


safe

...





1) See info box "Regarding Metabase" above the table

What happens now? What do I need to do?

...