search cancel

CVE-2021-44228: Log4J2 Vulnerability in CA 2E and PLEX

book

Article ID: 230307

calendar_today

Updated On:

Products

CA 2E CA Plex

Issue/Introduction

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Environment

CA 2E (All Versions)

CA Plex (All Versions)

Resolution

CA 2E and Plex are NOT affected by this vulnerability