...
Product | CVE-2021-44228 | Fix Status | Fix Release 1) | CVE-2021-45046 / CVE-2021-45105 | Fix Status | Fix Release 2) | How To Upgrade
---|---|---|---|---|---|---|---
ApplicationInsights | vulnerable - fix available | released - Dec 14 | 1.6.3 | vulnerable - fix available | released - Dec 14 | 1.6.3 | Upgrade ApplicationInsights (≥ v1.5.1)
ConnectionsExpert 2.x | vulnerable - fix available | released - Dec 15 | 2.1.3 | vulnerable - fix available | released - Dec 15 | 2.1.3 | Upgrade ConnectionsExpert (> v2.0)
ConnectionsExpert 3.x | vulnerable - fix available | released - Dec 16 | 3.1.3 | vulnerable - fix available | released - Dec 16 | 3.1.3 | Upgrade ConnectionsExpert (> v2.0)
GreenLight | vulnerable - fix available | released - Dec 15 | 4.5.0 | vulnerable - fix available | released - Dec 15 | | Upgrading GreenLight - only for >=3.5.x
GreenLight | | | | Metabase vulnerable 3) | waiting for Metabase | 4.5.1 |
iDNA | vulnerable - fix available | released - Dec 16 | 2.11.1 | vulnerable - fix available | released - Dec 16 | 2.11.1 | Please contact support - all customers should be migrated to iDNA Applications already.
iDNA Applications | vulnerable - fix available | released - Dec 13 | 2.1.2 | vulnerable - fix available | released - Dec 13 | 2.2.1.2 | Upgrading iDNA Applications
iDNA Applications | | | | Metabase vulnerable 3) | waiting for Metabase | 2.2.0 |
MarvelClient | safe | | | safe | | |
OfficeExpert | vulnerable - fix available | released - Dec 14 | 4.3.3 | vulnerable - fix available | released - Dec 14 | 4.3.3 | Upgrading OfficeExpert
OfficeExpert | | | | Metabase vulnerable 3) | waiting for Metabase | 4.3.4 |
OfficeExpert EPM | safe | | | safe | | |
SecurityInsider / GroupExplorer | safe | | | safe | | |
SmartChanger | safe | | | safe | | |
Document Properties Plugin | safe | | | safe | | |
LogViewer Plugin | safe | | | safe | | |
Network Monitor Plugin | safe | | | safe | | |
PrefTree Plugin | safe | | | safe | | |
Tabzilla Plugin | safe | | | safe | | |
Timezone Helper Plugin | safe | | | safe | | |
...
Note
Metabase includes Log4j and is vulnerable to CVE-2021-44228. For a first fix we update to Metabase 0.40.7 (which includes Log4j 2.15.0 and protects from the remote code execution exploit). Releases with this fix can be found in the left part of the table above (column marked with 1) ). The more recently discovered CVE-2021-45046 requires Log4j 2.16.0, and the even more recent CVE-2021-45105 requires 2.17.0. Both CVEs are fixed in our own code (release in column marked with 1) ), but for our next release we are currently waiting for the Metabase release that includes 2.17.0.
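To confirm which Log4j version an installed jar actually bundles after an upgrade, the following added example (not panagenda or Metabase code) reads the log4j-core Maven metadata from a jar, including nested jars, and lists which of the three CVEs are still open according to the version thresholds in the note above. It assumes the jar keeps log4j-core's `pom.properties` file; the sample jar is constructed in memory.

```python
import io
import re
import zipfile

# Maven metadata file shipped inside log4j-core (assumed not stripped by repackaging).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# Log4j 2.x release that addresses each CVE, as stated in the note above.
# Backport branches are not considered here.
FIXED_IN = {
    "CVE-2021-44228": (2, 15, 0),
    "CVE-2021-45046": (2, 16, 0),
    "CVE-2021-45105": (2, 17, 0),
}

def log4j_core_versions(jar, depth=0):
    """Return every log4j-core version found in a jar (path or file object)."""
    found = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.endswith(POM):
                text = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(\S+)", text, re.M)
                if m:
                    found.append(m.group(1))
            elif name.lower().endswith((".jar", ".war")) and depth < 3:
                try:  # descend into bundled archives (fat jars, WEB-INF/lib)
                    found += log4j_core_versions(io.BytesIO(zf.read(name)), depth + 1)
                except zipfile.BadZipFile:
                    pass
    return found

def open_cves(version):
    """List the CVEs from FIXED_IN that the given log4j-core version does not fix."""
    nums = (tuple(int(n) for n in re.findall(r"\d+", version)) + (0, 0, 0))[:3]
    return sorted(cve for cve, fixed in FIXED_IN.items() if nums < fixed)

def sample_jar(version):
    """Constructed sample: a jar-like archive carrying only log4j-core metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM, f"artifactId=log4j-core\nversion={version}\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for v in log4j_core_versions(sample_jar("2.15.0")):
        print(v, open_cves(v) or "no listed CVE open")
```

An empty result only means no metadata file was found; it does not prove that Log4j is absent from the jar.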
What happens now? What do I need to do?
We are currently in the process of creating new releases that contain the necessary fixes. Releases for some products are already out, and we are releasing the rest as fast as safely possible. Progress will be tracked in this knowledge base article.
You will need to update any products that are affected. The releases in the left part of the table (column marked with 1) ) are the important update to protect you against the more severe CVE and should be applied ASAP. The last release to fix less severe issues in Metabase is in the works.
Our service and support teams are in the process of contacting all our customers to answer questions and help where needed. Please send requests and questions to support@panagenda.com
...