search cancel

PAMSC Log4j-2 CVE-2021-44228/CVE-2021-45046 Vulnerability and mitigation

book

Article ID: 230586

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Based on the recent vulnerability  Log4j 2 CVE-2021-44228/CVE-2021-45046

Additionally CVE-2021-44224  / CVE-2021-44790

documented here https://logging.apache.org/log4j/2.x/security.html , Symantec PAM Server Control 14.1 is possibly vulnerable . The steps to mitigate the issues are documented below.

Note: The Endpoint and Distribution Server software is not affected. 

Environment

Release : 14.1

Component :ENTM Servers

Resolution

Locate and download the latetest updated jar files to replace the vulnerable version from Apache (at this time it is log4j-XXX-2.17.1.jar

https://logging.apache.org/log4j/2.x/download.html

Un-Zip the downloaded file to get the 2 needed files

 

Symantec PAM Server Control customers can mitigate CVE-2021-44228 using the following steps:

 

Stop the WildflyService

Delete the tmp folder from the  <WILDFLY_INSTALL_DIRECTORY>\standalone location

Backup/remove the existing log4j-core-2.11.0.jar file from (to some other location)
      <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/IdentityMinder.ear/library

      <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/acrptsrv.ear/acrptsrv.jar 

Backup/remove the existing log4j-api-2.11.0.jar file from (to some other location)
       <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/IdentityMinder.ear/library 

       <WILDFLY_INSTALL_DIRECTORY>/standalone\deployments\IdentityMinder.ear\management_console.war\WEB-INF\lib

        <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/acrptsrv.ear/acrptsrv.jar 

Copy the new log4j-core-2.17.0.jar to 
        <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/IdentityMinder.ear/library

        <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/acrptsrv.ear/acrptsrv.jar

Copy the new log4j-api-2.17.0.jar to  
         <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/IdentityMinder.ear/library

         <WILDFLY_INSTALL_DIRECTORY>/standalone\deployments\IdentityMinder.ear\management_console.war\WEB-INF\lib

        <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/acrptsrv.ear/acrptsrv.jar

Start the WildflyService

 

 

Additional Information

https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793

Attachments