As some of you already know, a cyber security risk has been found in a piece of software called Log4j.
This widespread software can be found in many applications today and there foremost of our customers are actively cleaning their tool landscape where necessary to eliminate the possibility of any remote code execution (cyber-attacks).
Customers also contact us to ask if our products and the products we sell are safe to keep using as is or if they need to take special action. Below you can find more information about each of the products and links to the necessary actions that might be required to take.
Products that require your immediate action
Products that are vulnerable in specific situations
- IBM DOORS Classic (the optionally available Knowledge Center has been compromised)
Products that contain Log4j but not in a web-based form and pose no risk
- M2M Transformation for Rhapsody
- RXF V8.00 C++ Cert (but only in a part of the automated test execution that is not necessary for deployment)
- Older RXF Release V6
Products that do not contain Log4j and pose no risk
- OSLC Connect for Jira
- Check out Atlassian recommendations for risk mitigation.
- OSLC Connect for Windchill
- Check out PTC’s recommendations for risk mitigation.
- Publisher for Rhapsody
- Publisher Rational Software Architect
- Publisher for System Architect
- DXL Editor Pro
- Information on possible Eclipse log4j2 vulnerabilities.
- RXF (except V8 Cert variant)
- RXF for AUTOSAR Classic Platform
If you would like any additional information, please contact us.