Wolfram Computation Meets Knowledge

Does log4shell affect Wolfram products?

Summary

Most Wolfram products and systems are either not affected by the log4shell (CVE-2021-44228) zero-day vulnerability in the Java library log4j in versions 2.x with x<=14 or it has been fully addressed in them.

Only Wolfram Enterprise Private Cloud (EPC) and Wolfram Application Server (WAS) were affected by log4shell. This vulnerability has been fully addressed in EPC Version 1.60.2 and WAS Version 1.1.2.

All product fixes also address log4j vulnerability CVE-2021-45046.

For further details on individual Wolfram products or systems, please consult the following sections.

Wolfram-hosted systems and products

All Wolfram-hosted systems and products such as Wolfram|Alpha or Wolfram Cloud were either not affected or these log4j vulnerabilities have been fully addressed in them.

Customer-hosted non-Wolfram Language products

No non-Wolfram Language Wolfram products, such as System Modeler or Wolfram’s license manager MathLM, have been affected by either log4j vulnerability.

All customer-hosted Wolfram Language products
(except Enterprise Private Cloud and Application Server)

In all 13.0.1 versions of Wolfram Language products, log4j libraries have either been removed or updated to their fixed version. Current Wolfram products such as Mathematica, Wolfram|Alpha Notebook Edition, Wolfram Desktop, Wolfram Engine, Wolfram Finance Platform, Wolfram Player, gridMathematica Server or webMathematica are therefore not affected by either log4j vulnerability.

Customer-hosted Enterprise Private Cloud and Application Server

Enterprise Private Cloud and Application Server were affected by log4shell. A workaround to mitigate the issue has been communicated to all affected customers. It has been fully addressed in EPC Version 1.60.2 and WAS Version 1.1.2.

Is this article helpful?
Yes
No

Any comments?

Thank you for your feedback.

Submit

Contact Support

Whether you have a question about billing, activation or something more technical, we are ready to help you.

1-800-WOLFRAM (+1-217-398-0700 for international callers)

Customer Support

Monday–Friday
8am–5pm US Central Time

  • Product registration or activation
  • Pre-sales information and ordering
  • Help with installation and first launch

Advanced Technical Support (for eligible customers)

Monday–Thursday
8am–5pm US Central Time

Friday
8:30–10am & 11am–5pm US Central Time

  • Priority technical support
  • Product assistance from Wolfram experts
  • Help with Wolfram Language programming
  • Advanced installation support