News
,

erwin Data Modeler service Update – 15/12/21

poobeash 15th December 2021

As you may be aware, a zero-day vulnerability with Apache Log4j, cve-2021-44228, was recently identified, affecting applications which use Log4j, including erwin Data Modeler and related applications.

 

Key information relevant to your erwin product(s) can be found below:

 

erwin Web Portal

Status – New build for 2020 R1 released.

Workaround – Install new build.

Detailed guidance – https://support.quest.com/erwin-data-modeler/kb/336020/java-log4j-vulnerability-alert-mitigation-for-erwin-web-portal

 

erwin Data Modeler – May affect Metaintegration Bridges if present.

Status – Under investigation by MITI

Workaround – Remove potentially at-risk files if present.

Details guidance – https://support.quest.com/erwin-data-modeler/kb/336021/log4j-vulnerability-alert-mitigation-for-erwin-data-modeler

 

erwin Mart Server

Status – New builds under development for currently supported versions.

Workaround – remove Log4J2.XML from install folder\erwin\Mart Server r9\MartUpgrade\lib if present.

Detailed guidance – https://support.quest.com/erwin-data-modeler/kb/336019/java-log4j-vulnerability-alert-mitigation-for-erwin-mart

 

To view additional information and Quest’s official statement, please follow this link: https://support.quest.com/essentials/log4j-vulnerability-update