Apache Log4j Vulnerability for SOLIDWORKS and 3DEXPERIENCE

Article by TriMech Solutions, LLC updated December 14, 2021

Article

With the recent identification of the security issue related to open-source Apache Log4j Utility (CVE-2021-44228)*, TriMech would like to provide details from Dassault Systèmes regarding the impacts on the SOLIDWORKS and 3DEXPERIENCE solutions and products that our clients are utilizing.

Dassault Systèmes Cybersecurity team has been actively investigating any potential impact of this vulnerability. Apache reported that CVE-2021-44228 applies only to Log4j versions 2.0-2.14.1, and does not apply to Log4j versions 1.x”

For the various solutions and platforms:

3DEXPERIENCE platform SaaS

In the hours following the announcement, Dassault Systèmes took immediate measures, as part of their vulnerability and threat intelligence processes, to mitigate potential risks related to 3DEXPERIENCE platform SaaS offering.
Dassault Systèmes is asking all Cloud users of Collaborative Designer for X-CAD to update to the version HF0.4 that will be available on Dec 14th. [updated on Dec, 14th. 3PM Paris time]
There is no expected action from Dassault Systèmes 3DEXPERIENCE platform Cloud customers not using Collaborative Designer for X-CAD. [updated on Dec, 14th. 3PM Paris time]

3DEXPERIENCE platform On-Premise

You have actions to perform only if you have installed one of the following medias:

“Business Insight Installation” (from R2021x)
- Please follow procedure by clicking here
“O3D_XCADDesignConnectors” (from R2020x HF1 (FP2006) and Upper, R2021x and R2022x)
- Please follow procedure by clicking here

All other 3DEXPERIENCE Platform medias are not impacted.

DELMIA Quintiq (All levels)

You have action to perform. Click here.

CATIA No Magic (R2021x Refresh 1 & 2)

You have action to perform. Please follow procedure by clicking here

You can also find more details in dedicated CATIA No Magic webpage (click here)

For all others Dassault Systèmes Solutions (including SOLIDWORKS, PDM Professional, PDM Standard, etc.)

[updated on Dec, 14th. 10AM Paris time]

There is no impact identified.
The procedures here must be applied only if you are concerned by one of the solutions above.
A few investigations are still on going, so please stay tuned to the Dassault Systèmes article link below:
- https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e

Discover SOLIDWORKS & 3DEXPERIENCE Works

Learn more about SOLIDWORKS cloud-based collaboration:

3DEXPERIENCE Works Apps
3DEXPERIENCE Resources
3DEXPERIENCE Training
Cloud-connected SOLIDWORKS
Javelin Cloud Services

Posts related to 'Apache Log4j Vulnerability for SOLIDWORKS and 3DEXPERIENCE'

3DEXPERIENCE – Deleting Content from a Collaborative Space

By Brent Rodgers

How to Create a 3D Markup on the SOLIDWORKS 3DEXPERIENCE Platform

By Alaa Hosn

SOLIDWORKS Connected: How to Access and Save Simulation Data

By Suman Sudhakaren

Optimally Nest Components for Manufacturing

By Sawyer Gara

Modifying the Simulation Geometry on 3DEXPERIENCE Platform

By TriMech Solutions, LLC

3DEXPERIENCE Engineering Change Process: Requests vs Orders vs Actions

By TriMech Solutions, LLC

Find Related Content by TAG:

3DEXPERIENCE SOLIDWORKS Error

TriMech Solutions, LLC

TriMech provides thousands of engineering teams with 3D design and rapid prototyping solutions that work hand-in-hand, from sketch to manufacturing. Javelin became a subsidiary of TriMech Solutions LLC in 2021.