erwin Data Modeler service Update – 15/12/2021
erwin DM Update
As you may be aware, a zero-day vulnerability with Apache Log4j, cve-2021-44228, was recently identified, affecting applications which use Log4j, including erwin Data Modeler and related applications. erwin DM update is now available.
Key information relevant to your erwin Data Modeler product(s) can be found below:
erwin Web Portal
Status – New build for 2020 R1 released.
Workaround – Install new build.
Detailed guidance – https://support.quest.com/erwin-data-modeler/kb/336020/java-log4j-vulnerability-alert-mitigation-for-erwin-web-portal
erwin Data Modeler – May affect Metaintegration Bridges if present.
Status – Under investigation by MITI
Workaround – Remove potentially at-risk files if present.
Details guidance – https://support.quest.com/erwin-data-modeler/kb/336021/log4j-vulnerability-alert-mitigation-for-erwin-data-modeler
erwin Mart Server – erwin Data Modeler update
Status – New builds under development for currently supported versions.
Workaround – remove Log4J2.XML from install folder\erwin\Mart Server r9\MartUpgrade\lib if present.
Detailed guidance – https://support.quest.com/erwin-data-modeler/kb/336019/java-log4j-vulnerability-alert-mitigation-for-erwin-mart
To view additional information and Quest’s official statement, please follow this link: https://support.quest.com/essentials/log4j-vulnerability-update
To get an erwin Data Modeler free trial, click here