search cancel

Zero Day Vulnerability - Apache Log4j-CAPMAN

book

Article ID: 230357

calendar_today

Updated On:

Products

CA Capacity Manager

Issue/Introduction

This article explains about the Zero Day Vulnerability - Apache Log4j (CVE-2021-44228) in CAPMAN.

Environment

Release : any supported version

Cause

CVE-2021-44228

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled

This vulnerability affects all versions of log4j from 2.0-beta9 to 2.14.1

Resolution

CA Capacity Management is not affected by this vulnerability as it does not use affected versions of log4j.

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2021-44228