As you may be aware, on Thursday, December 9, 2021, a critical vulnerability in the popular Java-based logging package Log4j was disclosed. This vulnerability allows an attacker to execute code on a remote server; a so-called Remote Code Execution (RCE). In light of this Theorem have reviewed their code and discovered the following:
No vulnerabilities have been found in the CA5CVW range of products, Theorem stopped using Java in their CADverter development several years ago. Creo View and the Creo View Adapter Toolkit does not consume the log4j library for any purpose.
Further information on these (and other PTC products) can be found at: