NOTE: This Advisory supercedes the Pega Security Advisory for Apache Log4j Zero Day Vulnerability.
The following vulnerabilities have been identified in Apache Log4j 2 logging software:
|
CVE |
Fixed in Apache Log4j version: |
|
2.15 |
|
|
2.16 |
|
|
2.17 |
These vulnerabilities could allow malicious actors to take control of organizational networks using Log4j. The Log4j software is ubiquitously used by most organizations around the world.
For detailed information about the vulnerability and its potential impact on Pega software, see Security Advisory: Apache Log4j Zero Day Vulnerability.
Pega has created hotfixes based on Apache Log4j 2.17 for each Platform version to address the three vulnerabilities listed above.
Pega Cloud® environments running the relevant Pega versions are being proactively remediated by Pega. If you are running Pega Platform software in an on–premises or client-managed cloud environment, please review the table below to determine which hotfix corresponds to your Pegasystems installation, and install the appropriate version of this hotfix as soon as possible. (A hotfix for our Stream service [Kafka] is available separately. See this post for more information.)
NOTE: All on-premises or client-managed cloud clients should apply this latest Pega Platform service hotfix, even if they had applied an earlier Pega Platform service hotfix, as this hotfix addresses all the above vulnerabilities.
Once you have determined the appropriate hotfix ID, please submit a hotfix request using My Support Portal.
As always, we recommend our clients review our Security Checklist regularly.
8.X:
|
Version |
Hotfix/Bug |
|
8.1 |
HFIX-82286 |
|
8.1.1 |
HFIX-82285 |
|
8.1.2 |
HFIX-82284 |
|
8.1.3 |
HFIX-82283 |
|
8.1.4 |
HFIX-82282 |
|
8.1.5 |
HFIX-82281 |
|
8.1.6 |
HFIX-82280 |
|
8.1.7 |
HFIX-82279 |
|
8.1.8 |
HFIX-82278 |
|
8.1.9 |
HFIX-82277 |
|
8.2.1 |
HFIX-82276 |
|
8.2.2 |
HFIX-82275 |
|
8.2.3 |
HFIX-82274 |
|
8.2.4 |
HFIX-82273 |
|
8.2.5 |
HFIX-82272 |
|
8.2.6 |
HFIX-82271 |
|
8.2.7 |
HFIX-82270 |
|
8.2.8 |
HFIX-82269 |
|
8.3.0 |
HFIX-82268 |
|
8.3.1 |
HFIX-82267 |
|
8.3.2 |
HFIX-82266 |
|
8.3.3 |
HFIX-82265 |
|
8.3.4 |
HFIX-82264 |
|
8.3.5 |
HFIX-82263 |
|
8.3.6 |
HFIX-82262 |
|
8.4.0 |
HFIX-82261 |
|
8.4.1 |
HFIX-82260 |
|
8.4.2 |
HFIX-82259 |
|
8.4.3 |
HFIX-82258 |
|
8.4.4 |
HFIX-82257 |
|
8.4.5 |
HFIX-82256 |
|
8.4.6 |
HFIX-82255 |
|
8.5.1 |
HFIX-82254 |
|
8.5.2 |
HFIX-82253 |
|
8.5.3 |
HFIX-82252 |
|
8.5.4 |
HFIX-82251 |
|
8.5.5 |
HFIX-82250 |
|
8.6.0 |
HFIX-82219 |
|
8.6.1 |
HFIX-82218 |
|
8.6.2 |
HFIX-82217 |