ValueEdge: Value Stream Management
Align corporate investments with business strategy
Continuous quality from requirements to delivery
Scale enterprise SCCM with security and compliance
Resilient AI-powered functional test automation
Enterprise-level requirements management
Deliver continuous application performance testing
Plan, track, orchestrate, and release applications
Govern quality and implement auditable processes
Automate deployments for continuous delivery
최신 기술을 사용하여 비즈니스 애플리케이션을 구축하고 모더나이제이션합니다
The leading solution for COBOL application modernization
IBM 메인프레임 애플리케이션, 딜리버리 프로세스, 액세스 및 인프라를 현대화합니다
보다 쉬운 사용법, 보다 쉬운 통합, 보다 쉬운 관리, 더 우수한 보안으로 호스트 애플리케이션 액세스를 현대화합니다
기업 내 시스템 상호 운용성을 확보합니다
Modern mainframe application delivery for IBM Z
Secure, zero-footprint access to host applications
Access host data and automate processes with RPA
Multi-factor Authentication for IBM z/OS endpoints
개발, 보안 테스트, 연속 모니터링 보안 및 보호
Augment human intelligence
데이터 재파악 및 개인정보를 위한 암호화, 토큰화, 키 관리
ID 및 액세스 관리의 통합 방식
Deliver simplified, secure access to users
Scale to billions of identities with IGA platform
Gain control of privileged user activities
Track changes and activities in managed services
상관관계, 데이터 수집 및 분석을 통해 알려진 위협과 알려지지 않은 위협을 탐지합니다
Analytics for text, audio, video, and image data
Reduce risk, cost, and maintenance, and T2M
AI and machine learning for data analysis
Enterprise backup/disaster recovery
Unified traditional and mobile device management
Meet regulatory & privacy retention requirements
Email, IM, and chat-based collaboration
Mobile workforce communication & collaboration
Secure critical file storage and print services
머신 러닝에 기반하여 최종 사용자 경험과 효율적인 서비스 데스크 연계
하이브리드 IT를 위한 최초의 컨테이터화된 익명 모니터링 솔루션
전통적인 네트워크와 가상 및 소프트웨어 정의 네트워크를 자동화하고 관리합니다
하이브리드 IT 환경의 구성 항목(CI)을 찾고 관리할 수 있습니다.
이행 자동화 간소화 및 거버넌스 강화
종합적인 IT 프로세스 자동화
Manage IT & software assets for better compliance
데이터 센터 간 프로비져닝, 패칭, 컴플라이언스를 자동화합니다
기업 전반에서 자동화된 비즈니스 프로세스를 구축하고 보안을 유지하고 규모를 조정할 수 있습니다
모든 Micro Focus 학습이 한 곳에서 제공됩니다
성공에 필요한 역량을 쌓습니다
속도를 높이고 병목 현상을 제거하고 소프트웨어 딜리버리를 지속적으로 개선하십시오
ValueEdge: Value Stream Management
Align corporate investments with business strategy
Continuous quality from requirements to delivery
Scale enterprise SCCM with security and compliance
Resilient AI-powered functional test automation
Enterprise-level requirements management
Deliver continuous application performance testing
Plan, track, orchestrate, and release applications
Govern quality and implement auditable processes
Automate deployments for continuous delivery
Access all products in application delivery management
비즈니스 변혁을 촉진하도록 핵심 비즈니스 시스템을 현대화합니다
최신 기술을 사용하여 비즈니스 애플리케이션을 구축하고 모더나이제이션합니다
The leading solution for COBOL application modernization
IBM 메인프레임 애플리케이션, 딜리버리 프로세스, 액세스 및 인프라를 현대화합니다
보다 쉬운 사용법, 보다 쉬운 통합, 보다 쉬운 관리, 더 우수한 보안으로 호스트 애플리케이션 액세스를 현대화합니다
기업 내 시스템 상호 운용성을 확보합니다
Modern mainframe application delivery for IBM Z
Secure, zero-footprint access to host applications
Access host data and automate processes with RPA
Multi-factor Authentication for IBM z/OS endpoints
Access all products in Application Modernization & Connectivity
운영, 애플리케이션, 정체성, 데이터 등 핵심 업무 항목에 보안을 제공합니다
개발, 보안 테스트, 연속 모니터링 보안 및 보호
Augment human intelligence
데이터 재파악 및 개인정보를 위한 암호화, 토큰화, 키 관리
ID 및 액세스 관리의 통합 방식
Deliver simplified, secure access to users
Scale to billions of identities with IGA platform
Gain control of privileged user activities
Track changes and activities in managed services
상관관계, 데이터 수집 및 분석을 통해 알려진 위협과 알려지지 않은 위협을 탐지합니다
Access all products in CyberRes
믿을 수 있고 입증된 법률, 컴플라이언스 및 개인 정보 보호 솔루션
Analytics for text, audio, video, and image data
Reduce risk, cost, and maintenance, and T2M
AI and machine learning for data analysis
Enterprise backup/disaster recovery
Unified traditional and mobile device management
Meet regulatory & privacy retention requirements
Email, IM, and chat-based collaboration
Mobile workforce communication & collaboration
Secure critical file storage and print services
Access all products in Information Management and Governance
DevOps 속도로 IT 운영을 가속화합니다
머신 러닝에 기반하여 최종 사용자 경험과 효율적인 서비스 데스크 연계
하이브리드 IT를 위한 최초의 컨테이터화된 익명 모니터링 솔루션
전통적인 네트워크와 가상 및 소프트웨어 정의 네트워크를 자동화하고 관리합니다
하이브리드 IT 환경의 구성 항목(CI)을 찾고 관리할 수 있습니다.
이행 자동화 간소화 및 거버넌스 강화
종합적인 IT 프로세스 자동화
Manage IT & software assets for better compliance
데이터 센터 간 프로비져닝, 패칭, 컴플라이언스를 자동화합니다
기업 전반에서 자동화된 비즈니스 프로세스를 구축하고 보안을 유지하고 규모를 조정할 수 있습니다
Access all products in IT Operations Management
전략을 수립하고 하이브리드 IT를 변환합니다.
실시간 분석을 통해 빅 데이터에서 통찰력을 확보하여 비구조화 데이터를 검색합니다.
팀이 비즈니스 성과를 극대화하도록 지원합니다
13 December 2021
Micro Focus is taking immediate action to analyze and to remediate, where appropriate, Common Vulnerabilities and Exposures (CVE-2021-44228 / Log4j also known as Log4shell / Logjam), a reported vulnerability in the Apache Log4j open source-component that allows Remote Code Execution. Using the Remote Code Execution an attacker can potentially run malicious code that can perform unauthorized operations. This is defined by the Common Vulnerability Scoring System(CVSS) as a level 10 exploit. Micro Focus uses Log4j for standard logging functionality across a number of product portfolios. We are actively remediating the vulnerability across those products to protect both SaaS and on-premises customers and issuing security bulletins with instructions on how to remediate for on-premises installations. We will continue to provide details of the Log4j compromise until the risk is completely mitigated.
After investigation and analysis, we have had no indications of Log4j intrusions to date.
15 December 2021
A new zero-day vulnerability (CVE-2021-45046) Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack has been reported for the Apache Log4j component on December 14th 2021. Micro Focus is taking immediate action to analyze and to remediate, where appropriate, Common Vulnerabilities and Exposures (CVE-2021-45046) is a reported vulnerability in the Apache Log4j open source-component that allows a denial of service (DOS) attack. The vulnerability can allow an attacker to perform a denial of service attack impacting application performance or potentially stopping an application from running. This is defined by the Common Vulnerability Scoring System (CVSS) as a level 3.7 exploit. Micro Focus uses Log4j for standard logging functionality across a number of product portfolios. We are actively remediating the vulnerability across those products to protect both SaaS and on-premises customers and issuing security bulletins with instructions on how to remediate for on-premises installations. We will continue to provide details of the Log4j CVE-2021-45046 vulnerability until the risk is completely mitigated.
After investigation and analysis, we have had no indications of Log4j intrusions to date.
20 December 2021
A new zero-day vulnerability (CVE-2021-45105) (Apache Log4j2 - does not always protect from infinite recursion in lookup evaluation) was reported by Apache for the Apache Log4j component on December 18, 2021. Micro Focus is taking immediate action to analyse and to remediate where appropriate. The reported vulnerability (CVE-2021-45105 / Apache Log4j2) is in the Apache Log4j open source-component that allows Remote Code Execution. This enables an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This is defined by the Common Vulnerability Scoring System(CVSS) as a level 7.5 exploit. Micro Focus uses Log4j for standard logging functionality across a number of product portfolios. We are actively remediating the vulnerability across those products to protect both SaaS and on-premises customers and issuing security bulletins with instructions on how to remediate for on-premises installations. We will continue to provide details of the Log4j compromise until the risk is completely mitigated.
After investigation and analysis, we have had no indications of Log4j intrusions to date.
6 January 2022
Micro Focus is taking immediate action to analyze and to remediate, where appropriate, Common Vulnerabilities and Exposures CVE-2021-44832 /Apache Log4j 2 Vulnerability, a reported vulnerability in the Apache Log4j open source-component that allows Remote Code Execution. Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.
Micro Focus uses Log4j for standard logging functionality across several product portfolios. CVE-2021-44832 is a medium risk vulnerability with a CVSS of 6.6. We are remediating the vulnerability according to our medium risk vulnerability remediation process across those products to protect both SaaS and on-premises customers and issuing security bulletins with instructions on how to remediate for on-premises installations. We will continue to provide details of the Log4j compromise until the risk is completely mitigated. Please watch our Support Portal for relevant Security Bulletins.
After investigation and analysis, we have had no indications of Log4j intrusions to date.
Micro Focus uses a mature formal process to handle vulnerabilities that are identified both internally and externally. We have a robust, dedicated, full-time threat intelligence team with a Micro Focus-wide view, that is constantly reviewing new reports of vulnerabilities, threats and compromises for possible impact to our products and network.
Micro Focus operates a Secure Development Lifecycle that includes among other practices, a Supply Chain Security practice, 3rd Party Component Manifest and a 3rd Party Component Monitoring. Using these formal practices we ensure 3rd party components are sourced from trusted repositories, scanned and tested, free of known CVEs, and signed to ensure authenticity and integrity. New vulnerabilities are scanned and tracked to ensure closure. Unsupported 3rd party components are deprecated.
Micro Focus has a formal practice of secure software coding that is designed to protect against malicious code, backdoors, transitive dependency based vulnerabilities and other threats.
Micro Focus is actively implementing patches and mitigation measures where appropriate for the Log4j vulnerability. Zero-Day and Critical vulnerabilities are fast tracked and delivered outside the product’s major point release cycle. We rank potential patches according to CVSS scoring, and also our own enhanced scoring system that takes additional data points into account. Configuration changes or patch installations require Quality Assurance analysis and testing prior to deployment to production systems to prevent unexpected service interruptions.
6 January 2022
Micro Focus continues to respond to the Apache Log4j series of reported vulnerabilities as they have developed over the last few weeks and issues appropriate patches, security bulletins and communications to support our customers. We are committed to providing products that operate safely and properly address risk. As this is a still evolving situation we will monitor and actively address changes. Keep watching the Micro Focus Security Bulletins for any changes resulting from further industry analysis of this set of vulnerabilities. Micro Focus is committed to continue to provide prompt remediation if the situation develops further. We will periodically update this page to ensure you have the latest information on our status regarding this widely used Apache component.
For on-premises deployment Micro Focus is issuing Security Bulletins with specific instructions on how to block Log4j vulnerabilities.
If you don’t see your product listed, please come back for updates. Please contact support if urgent.