Precisely is aware of the zero-day exploit in the Java logging library Log4j. Please see below how the different Precisely Data360 DQ+ deployment options are impacted.
Please note that the below statements reflects the software as it is shipped by Precisely. Customers should check any customized infrastructure components and versions. Additionally, customers should check any custom deployed plug-ins and/or JDBC drivers to verify that they are not deploying the affected Log4j jars.
Precisely Data360 DQ+ SaaS Edition
|
CVE-2021-44228 |
CVE-2021-45046 |
CVE-2021-45105 |
DQ+ Product |
|
|
|
AWS Infrastructure |
- Impacted
- Precisely-hosted instances have been updated. For customer-hosted instances, customers should work with AWS to remediate the situation.
|
- Impacted
- Precisely-hosted instances have been updated. For customer-hosted instances, customers should work with AWS to remediate the situation.
|
|
Azure Infrastructure
|
|
|
|
Precisely Data360 DQ+ Enterprise Edition
Impact
|
CVE-2021-44228 |
CVE-2021-45046 |
CVE-2021-45105 |
DQ+ 6.2 |
- Impacted via use of Vertica 10
- Impacted if using Cloudera 6.3; no impact for earlier versions of Cloudera or use of Hortonworks
|
- Impacted via use of Vertica 10
- Impacted if using Cloudera 6.3; no impact for earlier versions of Cloudera or use of Hortonworks
|
- Impacted if using Cloudera 6.3; no impact for earlier versions of Cloudera or use of Hortonworks
|
DQ+ 5.2 |
- Impacted via use of Vertica 10
|
- Impacted via use of Vertica 10
|
- Impacted if using Cloudera 6.3; no reports from subcomponents such as Vertica yet
|
DQ+ 4.3 and below |
- Impacted via use of Vertica 9
|
- Impacted via use of Vertica 9
|
- Impacted if using Cloudera 6.3; no reports from subcomponents such as Vertica yet
|
Remediation
|
CVE-2021-44228 |
CVE-2021-45046 |
CVE-2021-45105 |
DQ+ 6.2 |
|
|
- Cloudera 6.3 patch available via DQ+ 6.2 Fixpack 5
- No impact for Hortonworks configuration
|
DQ+ 5.2 |
|
|
- Fix under review for Cloudera configuration
- No impact for Hortonworks configuration
|
DQ+ 4.3 and below |
|
|
- Fix under review for Cloudera configuration
-
|
"Follow" this article to receive any new updates.
Comments
0 comments
Please sign in to leave a comment.