erwin Data Modeler service Update – 15/12/21
As you may be aware, a zero-day vulnerability with Apache Log4j, cve-2021-44228, was recently identified, affecting applications which use Log4j, including erwin Data Modeler and related applications.
Key information relevant to your erwin product(s) can be found below:
erwin Web Portal
Status – New build for 2020 R1 released.
Workaround – Install new build.
Detailed guidance – https://support.quest.com/erwin-data-modeler/kb/336020/java-log4j-vulnerability-alert-mitigation-for-erwin-web-portal
erwin Data Modeler – May affect Metaintegration Bridges if present.
Status – Under investigation by MITI
Workaround – Remove potentially at-risk files if present.
Details guidance – https://support.quest.com/erwin-data-modeler/kb/336021/log4j-vulnerability-alert-mitigation-for-erwin-data-modeler
erwin Mart Server
Status – New builds under development for currently supported versions.
Workaround – remove Log4J2.XML from install folder\erwin\Mart Server r9\MartUpgrade\lib if present.
Detailed guidance – https://support.quest.com/erwin-data-modeler/kb/336019/java-log4j-vulnerability-alert-mitigation-for-erwin-mart
To view additional information and Quest’s official statement, please follow this link: https://support.quest.com/essentials/log4j-vulnerability-update