PAMSC Log4j-2 CVE-2021-44228/CVE-2021-45046 Vulnerability and mitigation
search cancel

PAMSC Log4j-2 CVE-2021-44228/CVE-2021-45046 Vulnerability and mitigation

book

Article ID: 230586

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Based on the recent vulnerability  Log4j 2 CVE-2021-44228/CVE-2021-45046

Additionally CVE-2021-44224  / CVE-2021-44790

documented here https://logging.apache.org/log4j/2.x/security.html , Symantec PAM Server Control 14.1 is possibly vulnerable . The steps to mitigate the issues are documented below.

Note: The Endpoint and Distribution Server software is not affected. 

Environment

PAMSC Enterprise Management servers, 14.1

Resolution

Locate and download the latest updated jar files to replace the vulnerable version from Apache. The screenshots below were taken in in 2021, but the newest version is log4j-XXX-2.22.1.jar as of February 2024.

https://logging.apache.org/log4j/2.x/download.html

Un-Zip the downloaded file to get the 2 needed files

 

Symantec PAM Server Control customers can mitigate CVE-2021-44228 using the following steps:

 

Stop the Wildfly Service

Delete the tmp folder from the  <WILDFLY_INSTALL_DIRECTORY>\standalone location

Backup/remove the existing log4j-core-2.11.0.jar file from (to some other location)
      <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/IdentityMinder.ear/library

      <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/acrptsrv.ear/acrptsrv.jar 

Backup/remove the existing log4j-api-2.11.0.jar file from (to some other location)
       <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/IdentityMinder.ear/library 

       <WILDFLY_INSTALL_DIRECTORY>/standalone\deployments\IdentityMinder.ear\management_console.war\WEB-INF\lib

        <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/acrptsrv.ear/acrptsrv.jar 

Copy the new log4j-core-2.xx.0.jar to 
        <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/IdentityMinder.ear/library

        <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/acrptsrv.ear/acrptsrv.jar

Copy the new log4j-api-2.xx.0.jar to  
         <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/IdentityMinder.ear/library

         <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/IdentityMinder.ear/management_console.war/WEB-INF\lib

        <WILDFLY_INSTALL_DIRECTORY>/standalone/deployments/acrptsrv.ear/acrptsrv.jar

Start the Wildfly Service

 

 

Additional Information

https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793