PIM 12.9.x Log4j-2 CVE-2021-44228/CVE-2021-45046 Vulnerability and mitigation

Article ID: 230668


Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Based on the recent Log4j 2 vulnerabilities CVE-2021-44228 and CVE-2021-45046 (additionally CVE-2021-44224 / CVE-2021-44790), documented at https://logging.apache.org/log4j/2.x/security.html, Privileged Identity Manager 12.9 is possibly vulnerable. The steps to mitigate the issues are documented below.

Note: the Endpoint software is not affected. 

Resolution

Locate and download from Apache the latest updated jar files to replace the vulnerable version (at this time it is log4j-XXX-2.17.1.jar):

https://logging.apache.org/log4j/2.x/download.html

Unzip the downloaded file to get the 2 needed files.

Symantec Privileged Identity Manager 12.9.x customers can mitigate CVE-2021-44228 using the following steps:

You can download the PIM 12.9 patch here

Once you have downloaded the patch file, extract “EventForwarder-0.1-SNAPSHOT.jar” to a temporary location and follow the instructions below.

Enterprise Management Server or Load Balance Enterprise Management Server

We have vulnerable jars in the following locations:

<USER_INSTALL_DIRECTORY>/Services/lib

Note: <USER_INSTALL_DIRECTORY> refers to the Privileged Identity Manager installation location

Example:

Windows: C:\Program Files\CA\AccessControlServer

Linux: /opt/CA/AccessControlServer

Mitigation:

  1. Stop the Event Forwarder and Proxy Manager Services.
  2. Remove the existing log4j-core-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  3. Remove the existing log4j-api-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  4. Copy the new log4j-api-2.17.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  5. Copy the new log4j-core-2.17.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  6. Back up the existing EventForwarder-0.1-SNAPSHOT.jar from <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib to a temporary location.
  7. Copy the updated EventForwarder-0.1-SNAPSHOT.jar to <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib
  8. Start the Event Forwarder and Proxy Manager Services.

Distribution Server

We have vulnerable jars in the following locations:

<USER_INSTALL_DIRECTORY>/Services/lib

Note: <USER_INSTALL_DIRECTORY> refers to the Privileged Identity Manager installation location. 

Example:

Windows: C:\Program Files\CA\AccessControlDistServer

Linux: /opt/CA/AccessControlDistServer

Mitigation:

  1. Stop the Event Forwarder Service.
  2. Remove the existing log4j-core-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  3. Remove the existing log4j-api-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  4. Copy the new log4j-core-2.17.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  5. Copy the new log4j-api-2.17.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  6. Back up the existing EventForwarder-0.1-SNAPSHOT.jar from <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib to a temporary location.
  7. Copy the updated EventForwarder-0.1-SNAPSHOT.jar to <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib
  8. Start the Event Forwarder Service.
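
A post-change check for both mitigation lists above, as an added example (not part of the original article and not vendor tooling): it lists the log4j-api and log4j-core jars in a Services/lib directory and flags any that are older than 2.17.0 or unreadable, preferring the version in the jar manifest over the file name. The function names are hypothetical, and reliance on an Implementation-Version manifest entry is an assumption.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 17, 0)  # version the steps above copy into Services/lib
MANIFEST = "META-INF/MANIFEST.MF"

def jar_version(jar):
    """Version from the manifest (assumed to carry Implementation-Version),
    else from the file name; None if the jar cannot be read at all."""
    try:
        with zipfile.ZipFile(jar) as zf:
            text = zf.read(MANIFEST).decode("utf-8", "replace") if MANIFEST in zf.namelist() else ""
    except (zipfile.BadZipFile, OSError):
        return None  # report an unreadable jar rather than trust its name
    m = (re.search(r"^Implementation-Version:\s*(\S+)", text, re.M)
         or re.search(r"^log4j-(?:api|core)-(.+)\.jar$", Path(jar).name))
    return m.group(1) if m else None

def is_outdated(version):
    """True for anything older than FIXED; '2.0-rc1' compares as (2, 0, 0)."""
    nums = [int(n) for n in version.split("-")[0].split(".") if n.isdigit()]
    return tuple(nums + [0] * 3)[:3] < FIXED

def audit(lib_dir):
    """Return [(file name, version, needs_action)] for log4j-api/core jars."""
    rows = []
    for jar in sorted(Path(lib_dir).glob("log4j-*.jar")):
        if not re.match(r"log4j-(api|core)-", jar.name):
            continue
        version = jar_version(jar)
        rows.append((jar.name, version, version is None or is_outdated(version)))
    return rows

def mitigated(lib_dir):
    """True only if api and core are both present and no flagged jar remains."""
    rows = audit(lib_dir)
    kinds = {name.split("-")[1] for name, _, bad in rows if not bad}
    return kinds == {"api", "core"} and not any(bad for _, _, bad in rows)

if __name__ == "__main__":
    lib = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, version, bad in audit(lib):
        print(f"{'REPLACE' if bad else 'ok':8}{name}  (version {version})")
    print("mitigated:", mitigated(lib))
```

Run it with the path to <USER_INSTALL_DIRECTORY>/Services/lib as the only argument, once on the Enterprise Management Server and once on the Distribution Server.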
