Apache Log4j Vulnerability

**Please review the information below to understand any potential impacts you may experience as a result of the Apache Log4j utility issue.**

CADimensions and Dassault Systèmes are aware of the security issue related to open-source Apache Log4j Utility (CVE-2021-44228)* and our Cybersecurity team has been actively investigating any potential impact of this vulnerability since Friday, December 10th.

SOLIDWORKS, PDM Professional, PDM Standard, etc.

• There is currently no impact identified
• A few investigations are still on going, so please stay tuned to this article. 

3DEXPERIENCE platform SaaS 

• In the hours following the announcement, Dassault Systèmes took immediate measures, as part of their vulnerability and threat intelligence processes, to mitigate potential risks related to 3DEXPERIENCE platform SaaS offering.
• We are asking our Cloud users of Collaborative Designer for X-CAD to update to the version HF0.4 ( available since Dec 14th - 7PM Paris Time). [updated on Dec, 14th. 9PM Paris time]
• There is no expected action from our 3DEXPERIENCE platform Cloud customers not using Collaborative Designer for X-CAD. [updated on Dec, 14th. 3PM Paris time]

3DEXPERIENCE platform On-Premise

You have actions to perform only if you have installed one of the following medias:

• “Business Insight Installation” (from R2021x)
  • Please follow procedure by clicking here
• “XCADDesignConnectors” (from R2020x HF1 (FP2006) and Upper, R2021x and R2022x)
  • Please follow procedure by clicking here

All other 3DEXPERIENCE platform medias are not impacted.

CATIA No Magic (R2021x Refresh 1 & 2)

You have action to perform. Please follow the procedure by clicking here

You can also find more details in the dedicated CATIA No Magic webpage (click here)

DELMIA Quintiq (All levels)

You have action to perform. Please follow the procedure by clicking here

[Procedure updated on Dec, 15th. 7PM Paris time]

---