
CVE-2021-44228: Log4j Vulnerability Remediation in CA Unified Self Service (USS)


Article ID: 230375


Products

CA Service Desk Manager, CA Service Management - Service Desk Manager

Issue/Introduction

Are any components of CA Unified Self Service (USS) affected by the recently announced Log4j vulnerability, CVE-2021-44228?

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Environment

Releases: 17.1 and 17.2

Cause

This vulnerability affects all versions of Log4j from 2.0-beta9 to 2.14.1.

Resolution

CA Unified Self Service (USS) does not use the affected versions of Log4j, so no remediation steps are required.
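
To confirm this on a given installation, the following added example (not code from the vendor or from this article) walks a directory, identifies log4j-core jars, and compares their versions against the 2.0-beta9 to 2.14.1 range stated above. The directory to scan is an assumption supplied by the operator. The `JndiLookup.class` and `pom.properties` paths are the standard locations inside a log4j-core jar.

```python
import re
import sys
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # class behind ${jndi:...}
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
STAGE = {"alpha": 0, "beta": 1, "rc": 2, "": 3}  # pre-releases sort before the final release
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", re.I)

def version_key(text):
    """Turn '2.0-beta9' or '2.14.1' into a sortable tuple; None if unparseable."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[(stage or "").lower()], int(num or 0))

LOW, HIGH = version_key("2.0-beta9"), version_key("2.14.1")  # range stated in the article

def is_affected(version):
    key = version_key(version or "")
    return key is not None and LOW <= key <= HIGH

def inspect_jar(path):
    """Return (version, has_jndi_lookup) for a log4j-core jar, or None for other jars."""
    with zipfile.ZipFile(path) as jar:
        names = set(jar.namelist())
        props = jar.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
    # Prefer the embedded Maven metadata; fall back to the file name if it is missing.
    m = (re.search(r"^version=(.+)$", props, re.M)
         or re.match(r"log4j-core-(.+)\.jar$", Path(path).name))
    version = m.group(1).strip() if m else None
    if version is None and JNDI_CLASS not in names:
        return None
    return version, JNDI_CLASS in names

def scan(root):
    """Yield (path, version, affected, has_jndi_lookup) per log4j-core jar under root."""
    for path in sorted(Path(root).rglob("*.jar")):
        try:
            found = inspect_jar(path)
        except zipfile.BadZipFile:
            continue  # unreadable archive: skip instead of aborting the scan
        if found:
            yield str(path), found[0], is_affected(found[0]), found[1]

if __name__ == "__main__":
    for row in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*row, sep="\t")
```

The scan does not unpack jars nested inside WAR, EAR or other archives, so those need to be extracted first. Because it applies the article's range literally, the backported security releases 2.3.1 and 2.12.2 are also reported as affected and should be reviewed by hand.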

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2021-44228