Product information - security breach in log4j library
Government security agencies in many countries (France – UK – Germany – USA) have reported on December 10, 2021 an important security vulnerability in a library very commonly used in all projects and software developed in Java. This vulnerability, identified in the Apache Log4j library used for logging, is likely to allow cyber attackers to take control of information systems.
This vulnerability, also called "log4shell", is caused by a Log4j feature introduced in versions 2.x allowing, by interpreting a string in a logged message, to connect to a remote site without authentication or to execute code directly. This is a global security vulnerability and is rated as level 10 by the Apache Foundation.
As soon as this alert was issued and following investigations by its own cybersecurity teams, Dassault Systèmes implemented remediation actions and communicated to its customers through its knowledge base.
The table below summarizes the impact of this vulnerability on its software, as communicated by Dassault Systèmes.
Update on Dassault Systèmes' software
Action to be taken
Update to be performed (HF0.4) for each user
3DEXPERIENCE On Premise
Software suite SolidWorks and PDM
Not affected – no action to be taken
According to the version - Consult the Dassault Systèmes Knowledge Base or contact Visiativ support (email@example.com)
Situation updated on 20/12/2021 at 16h00
This table will be updated as information is received from Dassault Systèmes.
If you rely on the actions recommended by Dassault Systèmes in the Knowledge Base article, you are strongly advised to consult this article on a regular basis to ensure that the actions to be performed have not been modified and have not been enriched by additional actions.
Concerning tools related to Dassault Systèmes software developed by VISIATIV (myCadServices, my3Dplayer, myCADplace, myProduct, myCADtools, myApps), they are not affected by this vulnerability. The same applies to specific developments made by VISIATIV in projects.
Your data protection remains our priority and our teams work continuously to bring you more reliable and secure services.