
CVE-2021-44228: Is CA Embedded Entitlements Manager(EEM) affected by the log4j zero day vulnerability?


Article ID: 230311


Updated On:

Products

CA Service Desk Manager, CA Service Management - Service Desk Manager, CA Service Catalog, CA Service Management - Asset Portfolio Management, CA Process Automation Base, CA Workload Automation AE, DX NetOps, CA Spectrum

Issue/Introduction

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Environment

Release: All Supported Versions

Resolution

CA EEM (all versions) is not impacted by vulnerability CVE-2021-44228.

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Service Operations Insight (SOI) is not affected by the log4j zero day vulnerability.

However, the CA Help Desk Connector is:

https://knowledge.broadcom.com/external/article/230292/

CA Process Automation is not affected by the log4j zero day vulnerability:

https://knowledge.broadcom.com/external/article/230306/