(Updated: 21.12.2021)
Dear Customer,We wish to inform you that in response to the published vulnerabilities on Apache Log4j (CVE-2021-44228 and CVE-2021-45046) M-Files Security team has performed a rigorous review to identify any potential exposure and risks arising from the vulnerability.
M-Files core product relies on programming languages other than Java, and thus we have not as of now identified use of vulnerable log4j library within M-Files Server / Desktop / Classic Web / VNEXT / Mobile services.
For Smart Search, IDOL and other services, we have updated all components that have come to our attention where the risk of exposure to the vulnerability could not be ruled out.
For Hubshare Cloud product we have performed all critical updates for components that have come to our attention where the risk of exposure to the vulnerability could not be ruled out. For Hubshare on-premises installations a patch 3.3.4.6 has been released. M-Files Security team shall continue investigations and we shall keep you informed should we have additional information to share.
Best regards,
M-Files Security and M-Files Customer support team
Our software mentioned in this article:
M-Files, Hubshare
More information of the security vulnerabilities:
CVE-2021-44228
CVE-2021-45046
Vulnerability Advisory - M-Files (wpengine.com)
Should you have additional questions, please contact security@m-files.com
