With the recent discovery of the Log4Shell Java/Apache Vulnerability, does this affect Microstation?
An update on this Log4J Security Vulnerability from Bentley.
"our security experts launched an investigation to determine whether this attack impacted our systems, products, and/or services. We are pleased to report that, at this time, Bentley has found no evidence our systems have been compromised by this attack or that an intrusion has occurred."
Bentley Security Update December 2021
RegardsAndrew BellTechnical SupportBentley Systems
Hi Andrew,Thank you for linking the Security Update.
However since no reply can be made on the article directly I'd like to ask if you can provide some more clarification here:The article states that no evidence was found for any of Bentley systems being intruded or attacked, but doesn't state as a fact whether or not Log4J is used anywhere within any of Bentley's pipelines. Unless "[...] no evidence our systems have been Compromised by this attack [...] " is meant to be read as "None of our systems are vulnerable to the exploit". Which is a very different message. I believe in something as critical as this no room for interpretation should be allowed.Are you (or one of your colleagues) able to confirm that Log4J is used nowhere within Bentley software, or (web)services? Kind Regards,Remy Moerland
For those who havn't visited the security update since the initial post, an update was published to the security update stating the following key points:
We have reviewed our product portfolio as an update to the above. This review found three services were vulnerable to the (now two) log4j related CVEs, which we have successfully mitigated in our production environments. We continue to see no evidence of exploitation.
The impacted services were:
(Emphasis theirs). For the full article please visit: Bentley Security Update December 2021 - Products - Wiki - Product Communities - Bentley Communities
Thank you Bentley team for working hard to clear up this information.
Is this workflow still valid?
(+) ProjectWise Orchestration Framework V8i Logging [TN] - Content Management Wiki - Content Management - Bentley Communities
Please check here for updated steps-(+) Troubleshooting ProjectWise Orchestration Framework and Document Processors [TN] - ProjectWise Design Integration Wiki - ProjectWise - Bentley Communities
Answer Verified By: Sangameshwar Pendalwar