Need an assessment for DataPower 3.2 Field Pack against Log4j CVE-2021-44228
search cancel

Need an assessment for DataPower 3.2 Field Pack against Log4j CVE-2021-44228

book

Article ID: 230669

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

I'm aware that agents for 9.7+ are not vulnerable to the log4j exploit as per

Broadcom Support Portal

However, we are also running the APM DataPower 3.2 field pack and the version numbers of this agent do not align to the APM product.

Please provide an assessment as to the vulnerability of the Datapower 3.2  APM field pack.

Environment

Release : 10.7.0

Component : Integration with APM

Resolution

Datapower field pack does not include log4j core, therefore it is not affected by CVE-2021-44228.

Powered by Wolken Software