Apache Log4j Critical Vulnerability (CVE-2021-44228) in the context of Symetri Sovelia PLM application

December 9, 2021, the Apache Software Foundation released Log4j 2.15.0 to resolve a critical remote code execution vulnerability (CVE-2021-44228) affecting versions 2.0-beta9 through 2.14.1. Apache Log4j is commonly used Java logging library with Apache Tomcat web applications.  

Vulnerability details can be found from:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 

Sovelia Security Advisory 

Sovelia PLM server 

SOVELIA PLM server is not affected as it does not utilize Log4j.  The Log4j library is not deployed by default with the out of the box Apache Tomcat installation that Symetri uses.

ActionServer - Batch processing component 

Batch processing component called ActionServer is sometimes used as a supplementary service connected to Sovelia PLM server. 

ActionServer is using Log4j. However, the used library version does not include the vulnerability mentioned above.  


Other Symetri technology components around Sovelia PLM 

Symetri has not identified any other SOVELIA PLM components affected by Log4j vulnerability. 


Symetri recommendation  

Even though current versions of Sovelia PLM products are not affected by this vulnerability, Symetri always recommends its customers to keep their software up to date.  

Sovelia PLM release 19.0 - Released in early 2019 – and older release of Sovelia PLM might include old version of Log4j library files. As Log4j is not used at all by Sovelia PLM server these files can be safely removed.

All releases newer than 19.0 of Sovelia PLM does not include any version of the Log4j library files.

The latest Sovelia PLM release available is 21.1.2, released on 23th Nov 2021.

If you have any questions or concerns, please contact your local account manager or the Sovelia team info@sovelia.com.

Join the Sovelia sessions at this years Autodesk University

29 September 2021

Two Sovelia add-ons to Autodesk software are being introduced to all AU attendees this year, Sovelia Vault for Vault users and Sovelia Visualizer for Inventor users. Attending AU is free, so just click the links below to sign up.

Sovelia PLM release 21.1 now available

16 September 2021

This Sovelia PLM version release includes support for Single Sign On (SSO), New tagging function, Grid configuration optimisation, Hierarchical Data fields enhancements.