Summary

On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions prior to 2.15.0 was disclosed:

CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

For a description of this vulnerability, see the Fixed in Log4j 2.15.0 section of the Apache Log4j Security Vulnerabilities page.

There is a new development (not uncommon in these situations). A flaw was newly discovered in one of the updated versions of Log4j that could cause a denial of service condition for services utilizing the library.

CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

Fortunately, an updated library was already available and we included that in much of our remediation work. Some additional work remains to address this new information. If any additional patches or updates are necessary, we will include that information on our status page.

Affected Products

In response to the Log4Shell vulnerabilities announced on the Internet (with exploit code), Perforce examined the source code of all of our product lines to ensure that none of our products include the vulnerable Log4j open-source library.

We also have ensured that our infrastructure and back-end environments that support our teams and services have been patched where necessary to address the remote code execution issue introduced by the faulty library.

In a couple of cases, a patch/upgrade is necessary to remediate this issue; the version numbers are included below.

Perforce is taking an aggressive approach to identify potentially affected systems and remediate them immediately. At this time, it is not anticipated that our users will experience any downtime as a result of our work.

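| Brand | Product | Initially Vulnerable? | Currently Vulnerable? | Version with Fix | Patch ETA | Customer Action Recommended |
|---|---|---|---|---|---|---|
| 21 Labs | | NO | NO | | | |
| Akana | API Platform | NO | NO | | | |
| Akana | SOLA Mainframe | NO | NO | | | |
| BlazeMeter | BlazeData | NO | NO | | | |
| BlazeMeter | Functional Testing | YES | NO - Upgrade Required for OnPrem Agent only | 1.20.257 | Available Now | Upgrade OnPrem Agent to the patch |
| BlazeMeter | Mock Services | YES | NO - Upgrade Required for OnPrem Agent only | 5.0.10 | Available Now | Upgrade OnPrem Agent to the patch |
| BlazeMeter | Performance Testing | YES | NO - Upgrade Required for OnPrem Agent only | 1.20.257 | Available Now | Upgrade OnPrem Agent to the patch |
| BlazeMeter | RunScope | NO | NO | | | |
| Components | HostAccess | NO | NO | | | |
| Components | HydraExpress | NO | NO | | | |
| Components | IMSL | NO | NO | | | |
| Components | JMSL | NO | NO | | | |
| Components | JViews | NO | NO | | | |
| Components | PV-WAVE | NO | NO | | | |
| Components | SourcePro | NO | NO | | | |
| Components | StingRay | NO | NO | | | |
| Components | TotalView | NO | NO | | | |
| Components | Views | NO | NO | | | |
| Gliffy | All Products | NO | NO | | | |
| Hansoft | | NO | NO | | | |
| Helix ALM | Helix ALM | NO | NO | | | |
| Helix ALM | Data Warehouse | NO | NO | | | |
| Helix ALM | SurroundSCM | YES | YES - Upgrade Required if on 2021.1.0 or 2021.1.1 | | Available Now | Upgrade to new release 2021.1.2 |
| Helix Core | Artifacts | YES | YES | 2021.3 | Available Now | Upgrade to new release |
| Helix Core | P4D | NO | NO | | | |
| Helix Core | P4V | NO | NO | | | |
| Helix Core | Search | YES | YES | 2021.3, 2021.4 | Available Now | Upgrade to new release |
| Helix Core | Swarm | NO | NO | | | |
| Helix Core | HTH | YES | NO - Remediated | | | On-prem installs need to update ElasticSearch |
| Helix Core | Sync | NO | NO | | | |
| Helix Core | All Other Products | NO | NO | | | |
| Helix QAC | | NO | NO | | | |
| Klocwork | | NO | NO | | | |
| Methodics | IPLM | NO | NO | | | |
| Methodics | VersIC | NO | NO | | | |
| Perfecto | | YES | NO - Remediated | | | No Action Required |
| Rebel | JRebel | NO | NO | | | |
| Rebel | XRebel | NO | NO | | | |
| Rebel | Rebel License Server | YES | NO - Remediated | | | No Action Required |
| TestCraft | | NO | NO | | | |
| Zend | ZendPHP | NO | NO | | | |
| Zend | Zend Server | NO | NO | | | |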
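
| Brand | Product | Initially Vulnerable? | Currently Vulnerable? | Version with Fix | Patch ETA | Customer Action Recommended |
|---|---|---|---|---|---|---|
| 21 Labs | | NO | NO | | | |
| Akana | API Platform | NO | NO | | | |
| Akana | SOLA Mainframe | NO | NO | | | |
| BlazeMeter | BlazeData | NO | NO | | | |
| BlazeMeter | Functional Testing | YES | NO - Upgrade Required for OnPrem Agent | 1.20.257 | Available Now | Upgrade OnPrem Agent to the patch |
| BlazeMeter | Mock Services | YES | NO - Upgrade Required for OnPrem Agent | 5.0.10 | Available Now | Upgrade OnPrem Agent to the patch |
| BlazeMeter | Performance Testing | YES | NO - Upgrade Required for OnPrem Agent | 1.20.257 | Available Now | Upgrade OnPrem Agent to the patch |
| BlazeMeter | RunScope | NO | NO | | | |
| Components | HostAccess | NO | NO | | | |
| Components | HydraExpress | NO | NO | | | |
| Components | IMSL | NO | NO | | | |
| Components | JMSL | NO | NO | | | |
| Components | JViews | NO | NO | | | |
| Components | PV-WAVE | NO | NO | | | |
| Components | SourcePro | NO | NO | | | |
| Components | StingRay | NO | NO | | | |
| Components | TotalView | NO | NO | | | |
| Components | Views | NO | NO | | | |
| Gliffy | All Products | NO | NO | | | |
| Hansoft | | NO | NO | | | |
| Helix ALM | Helix ALM | NO | NO | | | |
| Helix ALM | Data Warehouse | NO | NO | | | |
| Helix ALM | SurroundSCM | YES | YES - Upgrade Required if on 2021.1.0 or 2021.1.1 | | Available Now | Upgrade to new release 2021.1.2 |
| Helix Core | Artifacts | YES | YES | 2021.3 | Available Now | Upgrade to new release |
| Helix Core | P4D | NO | NO | | | |
| Helix Core | P4V | NO | NO | | | |
| Helix Core | Search | YES | YES | 2021.3, 2021.4 | Available Now | Upgrade to new release |
| Helix Core | Swarm | NO | NO | | | |
| Helix Core | HTH | YES | NO - Remediated | | | On-prem installs need to update ElasticSearch |
| Helix Core | Sync | NO | NO | | | |
| Helix Core | All Other Products | NO | NO | | | |
| Helix QAC | | NO | NO | | | |
| Klocwork | | NO | NO | | | |
| Methodics | IPLM | NO | NO | | | |
| Methodics | VersIC | NO | NO | | | |
| Perfecto | | YES | NO - Remediated | | | No Action Required |
| Rebel | JRebel | NO | NO | | | |
| Rebel | XRebel | NO | NO | | | |
| Rebel | Rebel License Server | YES | NO - Remediated | | | No Action Required |
| TestCraft | | NO | NO | | | |
| Zend | ZendPHP | NO | NO | | | |
| Zend | Zend Server | NO | NO | | | |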
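
| Brand | Product | Initially Vulnerable? | Currently Vulnerable? | Version with Fix | Patch ETA | Customer Action Recommended |
|---|---|---|---|---|---|---|
| 21 Labs | | NO | NO | | | |
| Akana | API Platform | NO | NO | | | |
| Akana | SOLA Mainframe | NO | NO | | | |
| BlazeMeter | BlazeData | NO | NO | | | |
| BlazeMeter | Functional Testing | YES | NO - Upgrade Required for OnPrem Agent | 1.20.261 | Available Now | Upgrade OnPrem Agent to the patch |
| BlazeMeter | Mock Services | YES | NO - Upgrade Required for OnPrem Agent | 5.0.11 | Available Now | Upgrade OnPrem Agent to the patch |
| BlazeMeter | Performance Testing | YES | NO - Upgrade Required for OnPrem Agent | 1.20.261 | Available Now | Upgrade OnPrem Agent to the patch |
| BlazeMeter | RunScope | NO | NO | | | |
| Components | HostAccess | NO | NO | | | |
| Components | HydraExpress | NO | NO | | | |
| Components | IMSL | NO | NO | | | |
| Components | JMSL | NO | NO | | | |
| Components | JViews | NO | NO | | | |
| Components | PV-WAVE | NO | NO | | | |
| Components | SourcePro | NO | NO | | | |
| Components | StingRay | NO | NO | | | |
| Components | TotalView | NO | NO | | | |
| Components | Views | NO | NO | | | |
| Gliffy | All Products | NO | NO | | | |
| Hansoft | | NO | NO | | | |
| Helix ALM | Helix ALM | NO | NO | | | |
| Helix ALM | Data Warehouse | NO | NO | | | |
| Helix ALM | SurroundSCM | YES | YES - Upgrade Required if on 2021.1.0 or 2021.1.1 | | Available Now | Upgrade to new release 2021.1.2 |
| Helix Core | Artifacts | YES | YES | 2021.3 | Available Now | Upgrade to new release |
| Helix Core | P4D | NO | NO | | | |
| Helix Core | P4V | NO | NO | | | |
| Helix Core | Search | YES | YES | 2021.3, 2021.4 | Available Now | Upgrade to new release |
| Helix Core | Swarm | NO | NO | | | |
| Helix Core | HTH | YES | NO - Remediated | | | On-prem installs need to update ElasticSearch |
| Helix Core | Sync | NO | NO | | | |
| Helix Core | All Other Products | NO | NO | | | |
| Helix QAC | | NO | NO | | | |
| Klocwork | | NO | NO | | | |
| Methodics | IPLM | NO | NO | | | |
| Methodics | VersIC | NO | NO | | | |
| Perfecto | | YES | NO - Remediated | | | No Action Required |
| Rebel | JRebel | NO | NO | | | |
| Rebel | XRebel | NO | NO | | | |
| Rebel | Rebel License Server | YES | NO - Remediated | | | No Action Required |
| TestCraft | | NO | NO | | | |
| Zend | ZendPHP | NO | NO | | | |
| Zend | Zend Server | NO | NO | | | |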