A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10.
The Log4j library is developed by the open-source Apache Software Foundation and is a key Java-logging framework. Since last week’s alert by CERT New Zealand that CVE-2021-44228, a remote code execution flaw in Log4j, was already being exploited in the wild, warnings have been issued by several national cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA).
Looking for help?
- Visit our support library,
- Contact your account representative,
- or, email us at sales@nxrev.com
Windchill
Affected Windchill versions that need immediate action:
- Windchill 12.0.2.0
- Windchill 12.0.2.1
- Windchill 12.0.2.2
Windchill 11.1 M020 and older versions are not affected by the recently found Log4j security vulnerability and no action is required.
Navigate
Affected Navigate versions that need immediate action:
- ThingWorx Navigate 9.1
- ThingWorx Navigate 9.2
The following Windchill versions are affected by SOLR installation:
Click here to download a pdf of this table
| WINDCHILL VERSION | SOLR VERSION | LOG4J VERSION TO REMOVE |
|---|---|---|
| Windchill 11.1 M020 CPS20 through CPS22 | 8.9.0 | 2.13.2 |
| Windchill 11.1 M020 CPS18 through CPS19 | 8.8.1 | |
| Windchill 11.1 M020 CPS15 through CPS17 | 8.6.1 | |
| Windchill 11.1 M020 CPS12 through CPS14 | 8.4.1 | 2.11.2 |
| Windchill 11.1 M020 CPS10 through CPS11 | 8.2.0 | |
| Windchill 11.1 M020 CPS03 through CPS09 | 7.6.0 | 2.11.0 |
| Windchill 11.1 M020 F000 through CPS02 | 7.4.0 | |
| Windchill 12.0.2.0 | 8.8.1 | 2.13.2 |
| Windchill 12.0.2.1 through 12.0.2.2 | 8.9.0 |
Ongoing updates from PTC
PTC has provided an “living” landing page for customers wanting more information:
Additional articles with more details and step-by-step instructions to remediate the vulnerability: