HERE Security Update on Log4Shell Vulnerability
HERE Technologies is aware of the “Log4Shell” vulnerability (categorized by the National Vulnerability Database as CVE-2021-44228), affecting many Java-based applications.
Industry analysts have given this vulnerability the highest possible severity rating: when exploited, this vulnerability allows remote code execution (RCE), compromising the targeted systems.
HERE took immediate steps to evaluate the impact of Log4Shell. Since the vulnerability was disclosed, we have been actively fortifying our defense layers and maximizing mitigation efforts, and our Security and Engineering teams have been working tirelessly to assess and remediate this issue. We have assessed the impact and deployed numerous mitigations and patches to several of our tools and software that may include log4j, as further outlined below.
For any additional support, please open a ticket on the HERE support portal.
Update Jan 11, 2022
1. Summary
Product-specific updates complete.
2.1. Services & Applications
2.1.1. Tour Planning API
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.1.2. Tracking
Not impacted
2.1.3. Fleet Telematics API
Not impacted
2.1.4. On-Street Parking API
Not impacted
2.1.5. Off-Street Parking API
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.1.6. EV Charge Points API
Not impacted
2.2. Positioning
2.2.1. HD GNSS Positioning & A GNSS Positioning
Not impacted
2.2.2. Network Positioning API v1
Not impacted
2.2.3. Network Positioning API v2
Not impacted
2.3. Map Rendering
2.3.1. Map Image API
Not impacted
2.3.2. Map Tile API - Satellite Tiles
Not impacted
2.3.3. Map Tile API - Map Tiles
Not impacted
2.3.4. Map Tile API - Traffic Tiles
Not impacted
2.3.5. Vector Tile API
Not impacted
2.4. Real-Time Traffic
2.4.1. Traffic API v6
Not impacted
2.4.2. Traffic TPEG API
Not impacted
2.4.3. Traffic API v7
Not impacted
2.5. Routing
2.5.1. Isoline Routing API v8
Not impacted
2.5.2. Matrix Routing API v8
Not impacted
2.5.3. Route Matching v8
Not impacted
2.5.4. Routing API v7
Not impacted
2.5.5. Routing API v8
Not impacted
2.5.6. Waypoints Sequence v8
Not impacted
2.5.7. Routing Hybrid (mSDK 3.x) API
Not impacted
2.6. Geocoding & Search
2.6.1. Batch Geocoder API v6
Not impacted
2.6.2. Forward Geocoder API v6
Not impacted
Reverse Geocoder API v6
Not impacted
2.6.3. Geocoder Autocomplete API v6
Not impacted
2.6.4. Geocoding & Search API v7
Not impacted
2.6.5. Places (Search) API v6
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.7. Transit
2.7.1. Intermodal Routing API v8
Not impacted
2.7.2. Public Transit API v3
Not impacted
Public Transit API v8
Not impacted
2.8. Dynamic Content
2.8.1. Fuel Prices API
Fuel Price API has been patched to mitigate the issues identified in CVE-2021-44228.
2.8.2. Safety Cameras
Not impacted
2.8.3. Destination Weather API
Not impacted
2.8.4. Map Attribute API
Not impacted
2.8.5. Map Feedback API
Not impacted
2.9. Workspace & Marketplace
2.9.1. Logs
Not impacted
2.9.2. Monitoring and alerts
Not impacted
2.9.3. Pipelines
Pipeline Management Services are not impacted.
Pipeline Runtime environments:
- Pipeline Management services running in Pipeline Runtimes are patched to mitigate the issues identified in CVE-2021-44228.
- All Flink and Spark components are patched to mitigate the issues identified in CVE-2021-44228.
- Flink: Not impacted
- Spark: Not impacted
2.9.4. Platform Portal
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.10. Data
2.10.1. Read from Stream Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.10.2. Read from Versioned Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.10.3. Read from Volatile Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.10.4. Read Schemas
Not impacted
2.10.5. Write to Stream Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.10.6. Write to Versioned Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.10.7. Write to Volatile Layer
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.10.8. Write Schemas
Not impacted
2.11. Development Enablers
2.11.1. Data Hub API
The service has been patched to mitigate the issues identified in CVE-2021-44228.
2.12. On-Premise Service Applications
HERE's on-premise customer software has been assessed against the issues identified in CVE-2021-44228 and, as supplied, does not contain software with this vulnerability.
- Batch Geocoder API v6
- Fleet Telematics API services
- Geocoder API v6
- Geocoder Autocomplete API v6
- JavaScript API 3.1
- Map Tile API
- Routing API v7
- Routing API v8
- Traffic API
- Wi-Fi positioning