Clarity log4j file high vulnerability



Article ID: 191530


Updated On:

Products

Clarity PPM On Premise, Clarity PPM SaaS

Issue/Introduction

Log4j versions 1.2 to 1.2.17 are deemed vulnerable under CVE-2019-17571.

Environment

Release: All supported Clarity versions

Component: CA PPM STUDIO

Cause

CVE-2019-17571

Resolution


Clarity uses log4j 1.2.15, which the CVE lists as vulnerable. However, this does not apply to Clarity because we don't use the SocketServer functionality.

SocketServer needs to be started on a port in the system so that a remote log reading application can access log data, which is not the case with Clarity.
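
One way to confirm this on an installation is sketched below as an added example; it is not Broadcom or Clarity code. It separates the two facts in the statement above: which jars bundle the `SocketServer` class, and whether any script or configuration file names that class so that it would be started. The install root passed to `assess`, the set of file suffixes scanned, and the reliance on the manifest's `Implementation-Version` attribute are assumptions.

```python
import re
import zipfile
from pathlib import Path

SOCKET_SERVER_CLASS = "org/apache/log4j/net/SocketServer.class"
SOCKET_SERVER_NAME = "org.apache.log4j.net.SocketServer"
# Assumed set of launch-script and config suffixes; extend for your deployment.
TEXT_SUFFIXES = {".sh", ".bat", ".cmd", ".xml", ".properties", ".conf", ".service"}


def scan_jars(root):
    """Return (jar path, Implementation-Version or None) for each jar bundling SocketServer."""
    hits = []
    for jar in sorted(Path(root).rglob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                names = set(zf.namelist())
                if SOCKET_SERVER_CLASS not in names:
                    continue
                version = None
                if "META-INF/MANIFEST.MF" in names:
                    manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
                    version = m.group(1) if m else None
                hits.append((str(jar), version))
        except (zipfile.BadZipFile, OSError):
            continue  # unreadable or corrupt archive: skip it, keep scanning
    return hits


def scan_launch_references(root):
    """Return (file, line number) where a script or config names the SocketServer class."""
    refs = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        for lineno, line in enumerate(text.splitlines(), 1):
            if SOCKET_SERVER_NAME in line:
                refs.append((str(path), lineno))
    return refs


def assess(root):
    """Summarise: class present in jars versus anything configured to start it."""
    jars, refs = scan_jars(root), scan_launch_references(root)
    return {"jars_with_socketserver": jars, "launch_references": refs,
            "socketserver_started_by_config": bool(refs)}
```

Jars nested inside WAR or EAR archives are not unpacked by this scan, and a file-based check does not replace confirming on the running host that no process is listening as a log4j SocketServer.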