Question: 

Is Fluke software affected by the vulnerability in the Log4j tool ? 

---

Answer: 

On November 26, 2021, a critical vulnerability was reported in the Log4j product from Apache (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228).
The following Fluke software products have been reviewed and listed below on impact by this vulnerability, with additional information provided as appropriate.

Products Not Impacted

DPC/TRACK2

Energy Analyze

PowerLog

PowerLog Classic

Smart View

SW3000FC

Compass for Pressure

Compass for Flow

Fluke DAQ 6.0

Logware

Logware II

Logware III

MCZ Installer - Past End of Life and End of Support

MET/CAL (Runtime and Editor)

MET/CONNECT

MET/TEAM - See incident on our status page for additional details: https://metteam.statuspage.io/incidents/csw59p9lns4p

MET/TEMP II

MET/TRACK - Past End of Life and End of Support

Tableware

WinPrompt

LinkWare PC

LinkWare Live

Products Pending Review

FlukeView for CombiScopes

FlukeView Forms

FlukeView for ScopeMeter

Smart View R&D

ValveTrack

 

Products impacted but fixed

Fluke Connect desktop application
Technical Information on the resolving the issue :  
We have updated the services running log4j to 2.15. All customer exposed endpoints have also been updated with WAF (web application firewalls) rules that block the vulnerability before reaching our servicesWe have updated the services running log4j to 2.15. All customer exposed endpoints have also been updated with WAF (web application firewalls) rules that block the vulnerability before reaching our services