January 14th, 2022
Log4j Security Vulnerability
SAP Crystal Reports, which is used in Phoenix products (Phoenix Law RMS, Fire RMS, CAD, IA, CMS), remains unaffected.
Microsoft has recently announced a security vulnerability for Apache Log4j. For more details, see https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-44228. Apache Log4j2 versions up to and including 2.14.1 (excluding security release 2.12.2) are vulnerable to remote code execution. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
However, it has been confirmed that the SAP Crystal Reports for .NET SDK is not affected by the Log4j flaw. Phoenix products remain unaffected, and no recommended action is needed at this time. We suggest that everyone review the Microsoft announcement to check whether other, non-Phoenix products in use are affected, but no issues with Phoenix software currently exist because of this matter.
We will closely monitor this situation and send out announcements if any actions are needed in the future.