search cancel

CA Unified Communications Monitor (UCM) : Remote code injection in Log4j (CVE-2021-44228)

book

Article ID: 230328

calendar_today

Updated On:

Products

CA Unified Communications Monitor (NetQoS / UCM)

Issue/Introduction

CA Unified Communications Monitor is not affected by this vulnerability as CA Unified Communications Monitor does not use the affected versions of log4j so there is no reason to take any remediation steps.

Environment

Release : CA Unified Communications Monitor

Cause

CVE-2021-44228

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled

This vulnerability affects all versions of log4j from 2.0-beta9 to 2.14.1

Resolution

CA Unified Communications Monitor is not affected by this vulnerability as CA Unified Communications Monitor does not use affected versions of log4j.

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2021-44228