-
-
Platform Overview Platform Overview
High-precision data and advanced tooling in one place
-
Maps & Data Maps & Data
Build high-quality maps using fresh location data
Maps & Data-
Map Data Map Data
Create fresh, accurate maps and layer global information
-
Dynamic Map Content Dynamic Map Content
Explore industry-leading map content
-
Maps for ADAS & HAD Maps for ADAS & HAD
Help vehicles see beyond sensors with location data sources
-
-
Services Services
Browse our extensive range of services and APIs
Services-
Routing Routing
Make journey planning easier with our routing portfolio
-
Geocoding & Search Geocoding & Search
Translate addresses into accurate geocoordinates
-
Map Rendering Map Rendering
Highly customizable graphics and real-time map data
-
Positioning Positioning
Pinpoint devices and assets locations with precision
-
-
Tools Tools
Build solutions with our flexible developer tools and applications
Tools-
HERE Studio HERE Studio
Visualize, style and edit location data
-
HERE Workspace HERE Workspace
Create location-centric products and services in one space
-
HERE Marketplace HERE Marketplace
Source, buy, sell and trade location assets
-
HERE SDK HERE SDK
Build advanced location-enabled applications
-
HERE Live Sense SDK HERE Live Sense SDK
Enhance driver awareness by using AI
-
HERE Anonymizer HERE Anonymizer
Maximize location data while supporting regulatory compliance
-
-
Capabilities Capabilities
Everything you need for your location-related use case
Capabilities-
Visualize Data Visualize Data
Identify complex trends and patterns
-
Generate Insights Generate Insights
Transform location data into compelling stories
-
Build Applications Build Applications
Create feature-rich products designed for business
-
Develop Services Develop Services
Produce tailored service experiences
-
Make Maps Make Maps
Create and use custom digital maps
-
-
-
-
By Market By MarketBy Market
-
Automated Driving Automated Driving
-
Connected Driving Connected Driving
-
Fleet Management Fleet Management
-
Supply Chain Supply Chain
-
Urban Mobility Urban Mobility
-
Infrastructure Planning Infrastructure Planning
-
Public Safety Public Safety
-
-
By Applications By ApplicationsBy Applications
-
HERE Last Mile HERE Last Mile
Optimize your last mile deliveries
-
HERE Asset Tracking HERE Asset Tracking
Track assets in real-time with our end-to-end solution
-
HERE Navigation HERE Navigation
Use our off-the shelf navigation system
-
HERE WeGo HERE WeGo
Enjoy your journey with our new navigation app
-
-
-
-
Partner with HERE Partner with HERE
-
Partner Network Partner Network
-
-
Pricing Pricing
-
-
Documentation Documentation
-
Tutorials Tutorials
-
Code Examples Code Examples
-
Knowledge Base Knowledge Base
-
Developer Blog Developer Blog
-
-
-
About us About us
-
Events Events
-
News News
-
Press Releases Press Releases
-
Careers Careers
-
Sustainability Sustainability
-
Leadership Leadership
-
Investors Investors
-
HERE360 Blog HERE360 Blog
-
HERE Security Update on Log4Shell Vulnerability
HERE Technologies is aware of the “Log4Shell” vulnerability (categorized by the National Vulnerability Database as CVE-2021-44228), affecting many Java-based applications.
Industry analysts have given this vulnerability the highest possible severity rating: when exploited, this vulnerability allows remote code execution (RCE), compromising the targeted systems.
HERE took immediate steps to evaluate the impact of Log4Shell. As soon as the vulnerability was disclosed, we have been actively fortifying our defense layers and maximizing mitigation efforts; in fact, our Security and Engineering teams have been working tirelessly to assess and remediate this issue. We have assessed the impact and deployed numerous mitigations and patches to several of our tools and software that may include log4j, as further outlined below.
For any additional support, please open a ticket on the HERE support portal.
Update Jan 11, 2022
1. Summary
Product-specific updates complete.
2.1. Services & Applications
2.1.1. Tour Planning API
The service has been patched to mitigate the issues identified in CVE-2021-44228
2.1.2. Tracking
Not impacted
2.1.3. Fleet Telematics API
Not impacted
2.1.4. On-Street Parking API
Not impacted
2.1.5. Off-Street Parking API
The service has been patched to mitigate the issues identified in CVE-2021-44228
2.1.6. EV Charge Points API
Not impacted
2.2. Positioning
2.2.1. HD GNSS Positioning & A GNSS Positioning
Not impacted
2.2.2. Network Positioning API v1
Not impacted
2.2.3. Network Positioning API v2
Not impacted
2.3. Map Rendering
2.3.1. Map Image API
Not impacted
2.3.2. Map Tile API - Satellite Tiles
Not impacted
2.3.3. Map Tile API - Map Tiles
Not impacted
2.3.4. Map Tile API - Traffic Tiles
Not impacted
2.3.5. Vector Tile API
Not impacted
2.4. Real-Time Traffic
2.4.1. Traffic API v6
Not impacted
2.4.2. Traffic TPEG API
Not impacted
2.4.3. Traffic API v7
Not impacted
2.5. Routing
2.5.1. Isoline Routing API v8
Not impacted
2.5.2. Matrix Routing API v8
Not impacted
2.5.3. Route Matching v8
Not impacted
2.5.4. Routing API v7
Not impacted
2.5.5. Routing API v8
Not impacted
2.5.6. Waypoints Sequence v8
Not impacted
2.5.7. Routing Hybrid (mSDK 3.x) API
Not impacted
2.6. Geocoding & Search
2.6.1. Batch Geocoder API v6
Not impacted
2.6.2. Forward Geocoder API v6
Not impacted
Reverse Geocoder API v6
Not impacted
2.6.3. Geocoder Autocomplete API v6
Not impacted
2.6.4. Geocoding & Search API v7
Not impacted
2.6.5. Places (Search) API v6
The service has been patched to mitigate the issues identified in CVE-2021-44228
2.7. Transit
2.7.1. Intermodal Routing API v8
Not impacted
2.7.2. Public Transit API v3
Not impacted
Public Transit API v8
Not impacted
2.8. Dynamic Content
2.8.1. Fuel Prices API
Fuel Price API has been patched to mitigate the issues identified in CVE-2021-44228.
2.8.2. Safety Cameras
Not impacted
2.8.3. Destination Weather API
Not impacted
2.8.4. Map Attribute API
Not impacted
2.8.5. Map Feedback API
Not impacted
2.9. Workspace & Marketplace
2.9.1. Logs
Not impacted
2.9.2. Monitoring and alerts
Not impacted
2.9.3. Pipelines
Pipeline Management Services are not impacted.
Pipeline Runtime environments:
- Pipeline Management services running in Pipeline Runtimes are patched to mitigate the issues identified in CVE-2021-44228.
- All Flink and Spark components are patched to mitigate the issues identified in CVE-2021-44228.
- Flink: Not impacted
- Spark: Not impacted
2.9.4. Platform Portal
The service has been patched to mitigate the issues identified in CVE-2021-44228
2.10. Data
2.10.1. Read from Stream Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.10.2. Read from Versioned Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228
2.10.3. Read from Volatile Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228
2.10.4. Read Schemas
Not impacted
2.10.5. Write to Stream Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.10.6. Write to Versioned Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228
2.10.7. Write to Volatile Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228
2.10.8. Write Schemas
Not impacted
2.11. Development Enablers
2.11.1. Data Hub API
The service has been patched to to mitigate the issues identified in CVE-2021-44228
2.12. On-Premise Service Applications
HERE's on premise customer software has been assessed against the issues identified in CVE-2021-44228 and, as supplied, does not contain software with this vulnerability.
- Batch Geocoder API v6
- Fleet Telematics API services
- Geocoder API v6
- Geocoder Autocomplete API v6
- Java Script API 3.1
- Map Tile API
- Routing API v7
- Routing API v8
- Traffic API
- Wi-Fi positioning
Have your say
Sign up for our newsletter
Why sign up:
- Latest offers and discounts
- Tailored content delivered weekly
- Exclusive events
- One click to unsubscribe