Security Advisory: Log4j Java Vulnerability (CVE-2021-44228)
Incident Report for Revenera System Status Dashboard
We believe we have addressed the concerns as they relate to CVE-2021-44228. For more information about this or related vulnerabilities, please visit the Security Advisory:
Posted Jan 12, 2022 - 11:04 PST
A critical vulnerability in Apache Log4j 2 impacting versions from 2.0-beta9 to 2.14.1 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2021-44228.

The article referenced below provides currently available information about the potential impact of this vulnerability on Revenera products. Be advised this is an ongoing assessment. Updates will be made to this advisory as further information becomes available.

Please visit our Community for more detailed Revenera product assessment information:
Posted Dec 13, 2021 - 17:06 PST
As you may be aware, a vulnerability was discovered in the Log4j Java library, potentially allowing attackers to take control of systems and execute malicious commands. For more detailed information about the vulnerability, please see the following resources:

CVE Definition:
Expanded CVE Definition:
Apache Security Site for CVE severity, score, and vector string:

Revenera is actively working with our product teams to review Software Composition Analysis scans of our products to determine the impact, if any, on our solutions. We appreciate your patience and understanding, and we will provide an update once more information about affected products and remediation plans are confirmed.
Please follow our Community thread for further updates on this topic:
Posted Dec 13, 2021 - 11:11 PST