Merative ™ Social Program Management and Apache Log4j update

Merative ™ Social Program Management is now Cúram ™ by Merative™

Flashes (Alerts)

Abstract

Merative Social Program Management uses the Apache Log4j libraries, for which a publicly known vulnerability exists.

Content

For more information about the publicly known vulnerability in relation to Apache Log4j libraries, see the update on the Apache Log4j CVE-2021-44228 vulnerability.

All Merative Social Program Management versions before V8 are not impacted by the CVE-2021-44228 vulnerability, which is specific to Apache Log4j 2.x. Apache Log4j 2.x is used in Social Program Management V8, for which an interim fix will be issued soon.

We encourage all clients to continue with their plans to move to Merative Social Program Management V8 as soon as possible.