SOLIDWORKS, 3DEXPERIENCE

Apache Log4j Vulnerability

By TriMech on December 15, 2021

With the recent identification of the security issue related to open-source Apache Log4j Utility (CVE-2021-44228), TriMech would like to provide details from Dassault Systèmes regarding the impacts on the SOLIDWORKS and 3DEXPERIENCE solutions and products that our clients may be utilizing.

Dassault Systèmes Cybersecurity team has been actively investigating any potential impact of this vulnerability. Apache reported that CVE-2021-44228 applies only to Log4j versions 2.0-2.14.1, and does not apply to Log4j versions 1.x.

3DEXPERIENCE platform SaaS

  • In the hours following the announcement, Dassault Systèmes took immediate measures, as part of their vulnerability and threat intelligence processes, to mitigate potential risks related to 3DEXPERIENCE platform SaaS offering.
  • Dassault Systèmes is asking all Cloud users of Collaborative Designer for X-CAD to update to the version HF0.4 that will be available on Dec 14th. [updated on Dec, 14th. 3PM Paris time]
  • There is no expected action from Dassault Systèmes 3DEXPERIENCE platform Cloud customers not using Collaborative Designer for X-CAD. [updated on Dec, 14th. 3PM Paris time]

3DEXPERIENCE platform On-Premise

You have actions to perform only if you have installed one of the following medias:

  • "Business Insight Installation" (from R2021x)
    • Please follow procedure by clicking here.
  • "O3D_XCADDesignConnectors" (from R2020x HF1 (FP2006) and Upper, R2021x and R2022x)
    • Please follow procedure by clicking here.
  • All other 3DEXPERIENCE Platform medias are not impacted.

DELMIA Quintiq (All levels)

You have action to perform.

    • Please follow procedure by clicking here.

CATIA No Magic (R2021x Refresh 1 & 2)

You have action to perform.

    • Please follow procedure by clicking here.
    • You can also find more details in dedicated CATIA No Magic webpage (click here).

All others Dassault Systèmes Solutions

Including SOLIDWORKS, PDM Professional, PDM Standard, etc.

[updated on Dec, 14th. 10AM Paris time]

We will update this post with new information as it becomes available. Contact TriMech Support with any questions.

Contact TriMech