...

Update 2021-12-14: Another vulnerability related to Log4j has popped up: CVE-2021-4104. None of our products are vulnerable to this new CVE.
Update 2021-12-15: A third vulnerability, CVE-2021-45046, has been discovered. Some of our products are vulnerable. This CVE is only classed as a 3.7 out of 10, and can only be used to perform a DoS (denial-of-service) attack.
Update 2021-12-17: The above CVE-2021-45046 has now had its severity level increased to 9, and it also allows remote code execution. Still, Metabase says it does not use non-default configurations, which makes it not vulnerable.
Update 2021-12-19: Another Log4j exploit has been reported: CVE-2021-45105. Apache classes it as a 7.5; it can be used to execute a DoS attack.


After the first vulnerability was published, we immediately started checking all our products for exposure to it. As was to be feared, many of our products use Log4j (or include third-party components that do), are therefore vulnerable, and need to be updated.

...

| Product | CVE-2021-44228 | Fix Status | Fix Release 1) | CVE-2021-45046 / CVE-2021-45105 | Fix Status | Fix Release 2) | How To Upgrade |
|---|---|---|---|---|---|---|---|
| ApplicationInsights | vulnerable - fix available | released - Dec 14 | 1.6.3 | vulnerable - fix available | released - Dec 14 | 1.6.3 | Upgrade ApplicationInsights (≥ v1.5.1) |
| ConnectionsExpert 2.x | vulnerable - fix available | released - Dec 15 | 2.1.3 | vulnerable - fix available | released - Dec 15 | 2.1.3 | Upgrade ConnectionsExpert (> v2.0) |
| ConnectionsExpert 3.x | vulnerable | released - Dec 16 | 3.1.3 | vulnerable | released - Dec 16 | 3.1.3 | Upgrade ConnectionsExpert (> v2.0) |
| GreenLight | vulnerable - fix available | released - Dec 15 | 4.5.0 | vulnerable - fix available | released - Dec 15 | 4.5.0 | Upgrading GreenLight - only for >=3.5.x |
| | | | | Metabase potentially vulnerable 3) | in testing / waiting for Metabase | 4.5.1 | |
| iDNA | vulnerable | released - Dec 16 | 2.11.1 | vulnerable | released - Dec 16 | 2.11.1 | Please contact support - all customers should be migrated to iDNA Applications already. |
| iDNA Applications | vulnerable - fix available | released - Dec 13 | 2.1.2 | vulnerable - fix available | released - Dec 13 | 2.1.2 | Upgrading iDNA Applications |
| | | | | Metabase potentially vulnerable 3) | in testing / waiting for Metabase | 2.2.0 | |
| MarvelClient | safe | | | safe | | | |
| OfficeExpert | vulnerable - fix available | released - Dec 14 | 4.3.3 | vulnerable - fix available | released - Dec 14 | 4.3.3 | Upgrading OfficeExpert |
| | | | | Metabase potentially vulnerable 3) | in testing / waiting for Metabase | 4.3.4 | |
| OfficeExpert EPM | safe | | | safe | | | |
| SecurityInsider / GroupExplorer | safe | | | safe | | | |
| SmartChanger | safe | | | safe | | | |
| Document Properties Plugin | safe | | | safe | | | |
| LogViewer Plugin | safe | | | safe | | | |
| Network Monitor Plugin | safe | | | safe | | | |
| PrefTree Plugin | safe | | | safe | | | |
| Tabzilla Plugin | safe | | | safe | | | |
| Timezone Helper Plugin | safe | | | safe | | | |
...