Login/Register
  • Home
  • Community
  • Knowledge
  • Technical Docs
  • RWS Support Policy
  • Trados Studio Licensing Help
  • Login for Support
Back to Search Results

IMPORTANT: Critical Apache Log4J2 CVE-2021-44228 Vulnerability (Log4Shell)

000017712 |12/16/2021 11:10 AM
Scope/Environment
Apache log4j, CVE-2021-44228
Symptoms/Context
On December 9, 2021, a very serious vulnerability in the popular Java-based logging package Log4j was disclosed. This vulnerability allows an attacker to execute code on a remote server; a so-called Remote Code Execution (RCE).
Because of the widespread use of Java and log4j this is likely one of the most serious vulnerabilities on the Internet since both Heartbleed and ShellShock.

It is CVE-2021-44228 and affects version 2 of log4j between versions 2.0-beta-9 and 2.14.1.
It is not present in version 1 of log4j and is patched in version 2.15.0.

This library is used in some RWS products:
  • If your products and services are hosted by RWS then mitigation steps will already have been taken by our Cloud Operations team.
  • However, if you host any of the products listed below, please make sure to take the mitigation steps listed in the respective articles for your product(s) in the resolution section below.
Resolution
The following products were affected. Please click on the respective article below for your product(s):
  • LiveContent S1000D
  • MultiTrans
  • Trados Enterprise
  • Trados Live Essential
  • Trados Live Team
  • WorldServer 10.x
  • WorldServer 11.x
  • WorldServer 11.1.0, 11.1.1 and 11.2.x
  • WorldServer 11.3.x to 11.5.x
  • WorldServer 11.6.x to 11.7.1
  • Tridion Sites - core product unaffected but customers may still be affected in a custom web application.
  • Tridion Docs - core product unaffected but on-site customers should check any DITA-OT/customisations using log4j.

The following products were not affected by this vulnerability:
  • Contenta/Contenta S1000D
  • Language Weaver
  • Language Weaver Edge
  • Managed Translation
  • MultiTerm Desktop
  • Passolo
  • Trados Business Manager
  • Trados GroupShare
  • Trados Studio
  • TMS
  • XPP
Root Cause
Reference
Additional Resources
  • Official Mitre CVE description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
  • Community sourced list of impacted applications and services: https://github.com/YfryTchsGD/Log4jAttackSurface
  • CISA Alert: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce
Send Article Feedback
RWS Machine Translation Translation Software Language Services Content Management
All Contents Copyright © RWS.
COPYRIGHT PRIVACY POLICY COOKIE POLICY TERMS AND CONDITIONS