search cancel

CVE-2021-44228: Log4j Vulnerability Remediation in CA Business Service Insight

book

Article ID: 230317

calendar_today

Updated On:

Products

CA Business Service Insight

Issue/Introduction

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled

Environment

All supported CA Business Service Insight releases

Release : 8.3.5 and Cumulative Patches

Cause

This vulnerability affects all versions of log4j from 2.0-beta9 to 2.14.1

Resolution

No CA Business Service Insight releases are impacted by the CVE-2021-4422 log4j    vulnerability.

No remediation steps are necessary.