Chat now with support
Chat with Support
Become a portal pro
Self Service Tools
Knowledge Base
My Account
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Support Essentials
Awards and Testimonials
Getting Started
License Agreement
Support Guide

Spotlight on SQL Server Enterprise Product Notification

Return
Critical Alerts
Critical Notification

Spotlight on SQL Server Enterprise

 

A critical vulnerability was recently discovered related to systems/software that run Apache Log4j. More information about this vulnerability can be found here:

National Vulnerability Database - CVE-2021-44228 (nist.gov)

This is an industry-wide vulnerability affecting the Apache Log4j itself and is not specific to Spotlight on SQL Server Enterprise.

Spotlight on SQL Server Enterprise Versions 13.1, 13.2, 13.2.1, 13.3, 13.4 and 13.5 are affected by CVE-2021-44228.

Resolution

Upgrade to Spotlight of SQL Server Enterprise versions 13.5.2, 13.4.2 or 13.3.1. Those versions of Spotlight on SQL Server Enterprise have upgraded log4j to version 2.16.0, which is not subject to the CVE-2021-44228 vulnerability.

Status

Please review the following knowledge article for further updates on this issue.

For any questions or assistance on this topic please contact Quest Technical Support

We apologize for the inconvenience this issue may have caused and look forward to assisting you in the future.