Are any of the components of CA Unified Self Service (USS) affected by the log4j vulnerability that was announced recently - CVE-2021-44228.
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled
Releases : 17.1 and 17.2
This vulnerability affects all versions of log4j from 2.0-beta9 to 2.14.1
CA Unified Self Service (USS) does not use the affected versions of log4j so there is no reason to take any remediation steps.