Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled
All supported CA Business Service Insight releases
Release : 8.3.5 and Cumulative Patches
This vulnerability affects all versions of log4j from 2.0-beta9 to 2.14.1
No CA Business Service Insight releases are impacted by the CVE-2021-4422 log4j vulnerability.
No remediation steps are necessary.