Apache Log4j Vulnerability
Log4Shell
Aix en Provence, 15 December 2021.
Java security vulnerability CVE-2021-44228 ("Log4Shell") security vulnerability
Software suite from OpenText
We are actively working with the OpenText R&D, product management and security teams to identify the products and versions in our catalogue that are affected by this. We have already deployed some patches to our customers.
The description of the actions taken by OpenText as well as the list of products affected/not affected by this security flaw is regularly updated in the article https://www.opentext.com/log4j-advisory. This article provides access to related links describing the specific strategies to be adopted for each product (connection to the publisher's My Support site is required).
If you encounter any difficulties in accessing the information provided on the OpenText site or if you wish to obtain additional information, please open a ticket through the myBCS platform, specifying your OpenText products and their exact versions so that we can get back to you as soon as possible.
BCSolutions eas' software suite (eas'Invoice, eas'eFlow, ...)
After investigations, the affected versions are those using the Elasticsearch software component of the ELK suite. Customers who own these versions have been contacted directly by BCSolutions teams to implement the appropriate patch.
If you have any further questions, please send a message to our team through the platform myBCS.
The BCSolutions team