
CVE-2021-44228: Is CA PKI affected by the log4j zero day vulnerability?


Article ID: 230417


Updated On:


CA Spectrum; DX Unified Infrastructure Management (Nimsoft / UIM); CA Service Desk Manager; CA Service Management - Service Desk Manager; CA Client Automation; CA Client Automation - IT Client Manager; CA Workload Automation DE - System Agent (dSeries); CA Workload Automation AE - System Agent (AutoSys); CA Workload Automation AE - Business Agents (AutoSys); CA Workload Automation AE - Scheduler (AutoSys); CA Directory; CA Identity Manager; SITEMINDER; CA Secure Cloud SaaS - Single Sign On; CA Secure Cloud SaaS - Identity Management; CA Secure Cloud SaaS - Arcot A-OK (WebFort); CA Secure Cloud SaaS - Advanced Authentication; CA Privileged Identity Management Endpoint (PIM); Gen; XCOM - SUPPORT; XCOM Data Transport; Common Services; Automation Point


Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.


CA PKI Releases: 5.6.5, 5.6.6 and 5.6.7


CA PKI (all versions) does not use the Apache Log4j component, hence there is no impact from the CVE-2021-44228 vulnerability.

Additional Information
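
One way to check an installation directory for bundled copies of log4j-core in the range quoted above (an added example, not Broadcom's code or tooling). The class and Maven metadata paths are those of the upstream log4j-core JAR; the archive names and the install tree built in `demo()` are constructed for illustration.

```python
import io, re, tempfile, zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
LAST_AFFECTED = (2, 14, 1)  # "<=2.14.1", the range quoted in the article
ARCHIVES = (".jar", ".war", ".ear")

def core_version(zf):
    if POM_PROPS not in zf.namelist():
        return None
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", zf.read(POM_PROPS).decode(), re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label):
    # Returns [(location, version, flagged)]; unreadable versions are flagged too.
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        if JNDI_CLASS in zf.namelist():
            ver = core_version(zf)
            hits.append((label, ver, ver is None or ver <= LAST_AFFECTED))
        for name in zf.namelist():  # libraries bundled inside WAR/EAR/fat JARs
            if name.lower().endswith(ARCHIVES):
                hits += scan_archive(zf.read(name), f"{label}!{name}")
    return hits

def scan_tree(root):
    files = [p for p in sorted(Path(root).rglob("*"))
             if p.is_file() and p.suffix.lower() in ARCHIVES]
    return [h for p in files
            for h in scan_archive(p.read_bytes(), p.relative_to(root).as_posix())]

def make_archive(entries):  # builds a constructed archive for the demo only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

def demo():  # constructed install tree: one WAR bundling log4j-core, one clean JAR
    core = make_archive({JNDI_CLASS: b"", POM_PROPS: "version=2.14.1\n"})
    with tempfile.TemporaryDirectory() as d:
        Path(d, "app.war").write_bytes(make_archive({"WEB-INF/lib/log4j-core.jar": core}))
        Path(d, "clean.jar").write_bytes(make_archive({"com/example/Main.class": b""}))
        return scan_tree(d)
```

An empty result from `scan_tree()` on a real installation path means no archive under it contains the JndiLookup class, which is the outcome the statement above predicts for CA PKI.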