Vulnerability details can be found from: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
Sovelia Security Advisory
Sovelia PLM server
SOVELIA PLM server is not affected as it does not utilize Log4j. The Log4j library is not deployed by default with the out of the box Apache Tomcat installation that Symetri uses.
ActionServer - Batch processing component
Batch processing component called ActionServer is sometimes used as a supplementary service connected to Sovelia PLM server.
ActionServer is using Log4j. However, the used library version does not include the vulnerability mentioned above.
Other Symetri technology components around Sovelia PLM
Symetri has not identified any other SOVELIA PLM components affected by Log4j vulnerability.
Symetri recommendation
Even though current versions of Sovelia PLM products are not affected by this vulnerability, Symetri always recommends its customers to keep their software up to date.
Sovelia PLM release 19.0 - Released in early 2019 – and older release of Sovelia PLM might include old version of Log4j library files. As Log4j is not used at all by Sovelia PLM server these files can be safely removed.
All releases newer than 19.0 of Sovelia PLM does not include any version of the Log4j library files.
The latest Sovelia PLM release available is 21.1.2, released on 23th Nov 2021.
If you have any questions or concerns, please contact your local account manager or the Sovelia team info@sovelia.com.