Problem Description
After installing COMSOL 6.3 my security scan gives a log4j warning pointing to
C:\Program Files\COMSOL\COMSOL63\Multiphysics\license\win64\lmadmin\examples\alerter\lib\log4j-core-2.17.0.jar
Solution
COMSOL Version 6.3 is not vulnerable itself. The package you refer to belongs to a third-party tool, lmadmin, which is an alternate tool for license handling, and not used by default.
If you are not using lmadmin as the license handling tool on your computer, you can safely remove the entire lmadmin directory. If you are using lmadmin on your computer, you can instead remove the lmadmin\examples directory. However, if you are using the alerter functionality in lmadmin, you need to keep the directory and patch the log4j files according to the workaround found in the links in the next section
According to the developers of the license handling tool, lmadmin should not be vulnerable to this vulnerability. See Vulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher and CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher for more information.
Recherche par catégorie
Messages d'erreur (65)Import (10)
Géométrie (14)
Physiques (10)
Solveur (35)
Installation (40)
Maillage (14)
Général (35)
Mécanique des structures (2)
Mécanique des fluides (1)
Post-traitement (4)
Export (1)
Dessin (1)
Informations produit (6)
Multiphysique (1)
Modèles utilisateurs (1)
Electromagnétisme (1)
COMSOL makes every reasonable effort to verify the information you view on this page. Resources and documents are provided for your information only, and COMSOL makes no explicit or implied claims to their validity. COMSOL does not assume any legal liability for the accuracy of the data disclosed. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark details.