You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

What has happened?

Recently a critical vulnerability (CVE-2021-44228) was discovered in the Apache Log4j library. This vulnerability can be exploited remotely without authentication and allows remote code execution. It ranks a 10 out of 10 on the CVSS severity level. It has pretty much set the world aflame. You can get more about what happened here and an overview with more links here.

Are panagenda products affected?

Yes. See the table below for details.

After publication of this, we immediately started checking all our products for exposure to this vulnerability. As was to be feared, many of our products use Log4j (or include third-party components that do), are therefore vulnerable, and need to be updated.

ProductStatusFix ReleaseAvailabilityHow To Upgrade
ApplicationInsightsvulnerable1.6.3not yetUpgrade ApplicationInsights (≥ v1.5.1)
ConnectionsExpert 2.xvulnerable2.1.3not yetUpgrade ConnectionsExpert (> v2.0)
ConnectionsExpert 3.xvulnerable3.0.2not yetUpgrade ConnectionsExpert (> v2.0)
GreenLightvulnerable4.5.0yes - Dec 13Upgrading GreenLight - only for >=3.5.x
iDNAvulnerable2.11.1not yetplease contact support
iDNA Applicationsvulnerable2.1.2not yetUpgrading iDNA Applications
MarvelClientsafe


OfficeExpertvulnerable4.3.3not yetUpgrading OfficeExpert
OfficeExpert EPMsafe


SecurityInsider / GroupExplorersafe







Document Properties Plugin

safe


LogViewer Pluginsafe


Network Monitor Pluginsafe


PrefTree Pluginsafe


Tabzilla Pluginsafe


Timezone Helper Pluginsafe


What happens now? What do I need to do?

We are currently in the process of creating new releases that contain the necessary fixes. Releases for some products are already out, and we are releasing the rest as fast as safely possible. Progress will be tracked in this knowledge base article and on our corresponding blog post.

You will need to update any products that are affected. Our service and support teams are in the process of contacting all our customers to answer questions and help where needed.

Please send requests and questions to support@panagenda.com


We will keep updating this post with more information as it becomes available.