We recommend switching to the latest versions of Edge, Firefox, Chrome or Safari. Using Internet Explorer will result in a loss of website functionality.
Our Support systems migrated on Saturday, May 21. We'll automatically forward you to the new location for this content.

Articles in this section

See more

Precisely Data360 DQ+: Log4j Vulnerabilities (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105)

Avatar
Jeffery Brown
  • Updated
Follow

Precisely is aware of the zero-day exploit in the Java logging library Log4j. Please see below how the different Precisely Data360 DQ+ deployment options are impacted.

Please note that the below statements reflects the software as it is shipped by Precisely. Customers should check any customized infrastructure components and versions. Additionally, customers should check any custom deployed plug-ins and/or JDBC drivers to verify that they are not deploying the affected Log4j jars. 

 

Precisely Data360 DQ+ SaaS Edition

  CVE-2021-44228 CVE-2021-45046 CVE-2021-45105
DQ+ Product
  • Not impacted
  • Not impacted
  • Not impacted
AWS Infrastructure
  • Impacted
  • Precisely-hosted  instances have been updated. For customer-hosted  instances, customers should work with AWS to remediate the situation.
  • Impacted
  • Precisely-hosted  instances have been updated. For customer-hosted  instances, customers should work with AWS to remediate the situation.

Azure Infrastructure
  • Not impacted
  • Not impacted
  • Not impacted

Precisely Data360 DQ+ Enterprise Edition

Impact

  CVE-2021-44228 CVE-2021-45046 CVE-2021-45105
DQ+ 6.2
  • Impacted via use of Vertica 10
  • Impacted if using Cloudera 6.3; no impact for earlier versions of Cloudera or use of Hortonworks
  • Impacted via use of Vertica 10
  • Impacted if using Cloudera 6.3; no impact for earlier versions of Cloudera or use of Hortonworks
  • Impacted if using Cloudera 6.3; no impact for earlier versions of Cloudera or use of Hortonworks
DQ+ 5.2
  • Impacted via use of Vertica 10
  • Impacted via use of Vertica 10
  • Impacted if using Cloudera 6.3; no reports from subcomponents such as Vertica yet
DQ+ 4.3 and below
  • Impacted via use of Vertica 9
  • Impacted via use of Vertica 9
  • Impacted if using Cloudera 6.3; no reports from subcomponents such as Vertica yet

 

Remediation

  CVE-2021-44228 CVE-2021-45046 CVE-2021-45105
DQ+ 6.2
  • Cloudera 6.3 patch available via DQ+ 6.2 Fixpack 5
  • No impact for Hortonworks configuration
DQ+ 5.2
  • Fix under review for Cloudera configuration
  • No impact for Hortonworks configuration
DQ+ 4.3 and below
  • Fix under review for Cloudera configuration
  •  

 

"Follow" this article to receive any new updates.

Related articles

Comments

0 comments

Please sign in to leave a comment.