Fluke MET/TEAM incident

CVE-2021-44228 (Log4j) Impact to MET/TEAM

Major Resolved View vendor source →

Fluke MET/TEAM experienced a major incident on December 13, 2021, lasting 17h 42m. The incident has been resolved; the full update timeline is below.

Started
Dec 13, 2021, 03:52 AM UTC
Resolved
Dec 13, 2021, 09:34 PM UTC
Duration
17h 42m
Detected by Pingoru
Dec 13, 2021, 03:52 AM UTC

Update timeline

  1. investigating Dec 13, 2021, 03:52 AM UTC

    Late last week, a security flaw was identified in Log4j, a widely-used logging library from Apache (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228). While the MET/TEAM application itself does not use this library, our reporting engine, SAP Crystal Reports, does. We are awaiting further information from SAP about how they have dealt with this issue. Once we have additional answers, we will update this incident.

  2. investigating Dec 13, 2021, 04:43 PM UTC

    SAP is aware of the issue and is working to resolve it. Once we have a resolution there, we will determine what needs to happen on our end to apply the fix.

  3. resolved Dec 13, 2021, 09:34 PM UTC

    SAP has reported that the referenced issue does not impact Crystal Reports Runtime (https://answers.sap.com/answers/13548409/view.html). Therefore, MET/TEAM is not impacted by CVE-2021-44228.