Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled
CA Release Automation(CARA)/Nolio: All supported versions
Components: All Components (Management Server, Execution Server and Agents)
CA Release Automation(CARA), a.k.a. Nolio (all supported versions) is not affected by this vulnerability (CVE-2021-44228) as the Log4j version used in Nolio (Log4j 1.2.16) is outside the affected range (Log4j 2.0 - 2.14.1).
CA Release Automation will be providing updated log4j 2.x libraries in the CARA version 6.8 tentative release timelines will be end of Year 2022.
For additional information related to Log4j v1 vulnerabilities please see the following KB Article: Log4j v1 Vulnerabilities
For more information on how to search Nolio's log4j configuration files, please see the following KB article: Scanning Vulnerable appender/classes in log4j.properties