About Log4J vulnerabilities and SodiusWillert products

As some of you already know, a cyber security risk has been found in a piece of software called Log4j.

This widespread software can be found in many applications today and there foremost of our customers are actively cleaning their tool landscape where necessary to eliminate the possibility of any remote code execution (cyber-attacks).

Customers also contact us to ask if our products and the products we sell are safe to keep using as is or if they need to take special action. Below you can find more information about each of the products and links to the necessary actions that might be required to take.

Products that require your immediate action

• IBM ELM Jazz
• IBM RPE
• IBM Engineering Systems Design Rhapsody (Rhapsody)

Products that are vulnerable in specific situations

• IBM DOORS Classic (the optionally available Knowledge Center has been compromised)

Products that contain Log4j but not in a web-based form and pose no risk

• M2M Transformation for Rhapsody
• RXF V8.00 C++ Cert (but only in a part of the automated test execution that is not necessary for deployment)
• Older RXF Release V6

• OSLC Connect for Jira
  • Check out Atlassian recommendations for risk mitigation
• SECollab
• Publisher for Rhapsody
• Publisher Rational Software Architect
• Publisher for System Architect
• DXL Editor Pro
  • Information on possible Eclipse log4j2 vulnerabilities
• RXF (except V8 Cert variant)
• RXF for AUTOSAR Classic Platform
• ReqXChanger

If you are required to install any product patches/updates and need access to these files, please contact our Support.

If you would like any additional information, please contact us.