erwin Data Modeler service Update – 15/12/2021
As you may be aware, a zero-day vulnerability with Apache Log4j, cve-2021-44228, was recently identified, affecting applications which use Log4j, including erwin Data Modeler and related applications.
Key information relevant to your erwin product(s) can be found below:
erwin Web Portal
Status – New build for 2020 R1 released.
Workaround – Install new build.
erwin Data Modeler – May affect Metaintegration Bridges if present.
Status – Under investigation by MITI
Workaround – Remove potentially at-risk files if present.
erwin Mart Server
Status – New builds under development for currently supported versions.
Workaround – remove Log4J2.XML from install folder\erwin\Mart Server r9\MartUpgrade\lib if present.
To view additional information and Quest’s official statement, please follow this link: https://support.quest.com/essentials/log4j-vulnerability-update