A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10.

The Log4j library is developed by the open-source Apache Software Foundation and is a key Java-logging framework. Since last week’s alert by CERT New Zealand that CVE-2021-44228, a remote code execution flaw in Log4j, was already being exploited in the wild, warnings have been issued by several national cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA).

Looking for help?


Affected Windchill versions that need immediate action:

  • Windchill
  • Windchill
  • Windchill

Windchill 11.1 M020 and older versions are not affected by the recently found Log4j security vulnerability and no action is required.

Steps to Apply to Windchill


Affected Navigate versions that need immediate action:

  • ThingWorx Navigate 9.1
  • ThingWorx Navigate 9.2

Steps to Apply to Navigate

The following Windchill versions are affected by SOLR installation:

Click here to download a pdf of this table

Windchill 11.1 M020 CPS20 through CPS22 8.9.0 2.13.2
Windchill 11.1 M020 CPS18 through CPS19 8.8.1
Windchill 11.1 M020 CPS15 through CPS17 8.6.1
Windchill 11.1 M020 CPS12 through CPS14 8.4.1 2.11.2
Windchill 11.1 M020 CPS10 through CPS11 8.2.0
Windchill 11.1 M020 CPS03 through CPS09 7.6.0 2.11.0
Windchill 11.1 M020 F000 through CPS02 7.4.0
Windchill 8.8.1 2.13.2
Windchill through 8.9.0

Steps to Apply to SOLR

Ongoing updates from PTC

PTC has provided an “living” landing page for customers wanting more information:

Additional articles with more details and step-by-step instructions to remediate the vulnerability: