Electronics

Electronics

  1. All Channels
  2. Electronics
  3. Security Risk: Apache Log4j Obsolete Version

Security Risk: Apache Log4j Obsolete Version

    • March 17, 2023 at 2:17 am
      rely
      Subscriber

      My IT department wants me to delete or update the log4j executable files contained in the AnsysEM22.1 release. I get this message:

      Detection Detail: Vulnerable software installed: Apache Log4j 1.2.16 (C:\Program Files\AnsysEM\AnsysEM22.1\Win64\spisim\spisim\modules\ext\log4j-1.2.16.jar)

      Solution Fix: See 'Detection Detail' below for which Log4j vulnerable file/module/software was found.  Either Delete the file, uninstall the respective module, or update the specific software utilizing this outdated Log4j vulnerable jar/module.

      If I delete this, what functionality will I loose?  Does anyone know of a release of log4j that doesn't have this vulnerability?

    • March 17, 2023 at 5:59 pm
      Dan Dvorscak
      Ansys Employee

      That particular file is specific to the SPISim utility. If you are not using SPISim at all, it can be safely deleted without impacting the rest of the Ansys Electronics suite. 

      Though it it helps, according to the Ansys support site for Log4j vulnerabilities that file does not use any of the affected classes that are susceptible to the vulnerability. Also note that this issue has been completely resolved in the 2023R1 release. 



      Apache Log4j Vulnerability - Software Security Updates (ansys.com)

Viewing 1 reply thread
  • You must be logged in to reply to this topic.
Ansys Innovation Space

Boost Ansys Fluent Simulations with AWS

Computational Fluid Dynamics (CFD) helps engineers design products in which the flow of fluid components is a significant challenge. These different use cases often require large complex models to solve on a traditional workstation. Click here to join this event to learn how to leverage Ansys Fluids on the cloud, thanks to Ansys Gateway powered by AWS. 

Earth Rescue – An Ansys Online Series

The climate crisis is here. But so is the human ingenuity to fight it. Earth Rescue reveals what visionary companies are doing today to engineer radical new ideas in the fight against climate change. Click here to watch the first episode.

Ansys Blog

Subscribe to the Ansys Blog to get great new content about the power of simulation delivered right to your email on a weekly basis. With content from Ansys experts, partners and customers you will learn about product development advances, thought leadership and trends and tips to better use Ansys tools. Sign up here.

© 2023 Copyright ANSYS, Inc. All rights reserved.

Ansys does not support the usage of unauthorized Ansys software. Please visit www.ansys.com to obtain an official distribution.