PIM 14.0 Log4j-2 CVE-2021-44228 /CVE-2021-45046 Vulnerability and mitigation

Article ID: 230670


Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Privileged Identity Manager 14.0 is possibly vulnerable to the recent Log4j 2 vulnerabilities CVE-2021-44228 / CVE-2021-45046, and additionally CVE-2021-44224 / CVE-2021-44790, documented here: https://logging.apache.org/log4j/2.x/security.html. The steps to mitigate the issues are documented below.

Note: the Endpoint software is not affected. 

Resolution

Locate and download the latest updated jar files from Apache to replace the vulnerable version (at this time it is log4j-XXX-2.17.1.jar):

https://logging.apache.org/log4j/2.x/download.html

Unzip the downloaded file to get the 2 needed files.

You can download the PIM 14.0  patch here

Remember to log in to download the patch.

Once you download the patch file, please extract the “EventForwarder-0.1-SNAPSHOT.jar” to a temporary location and follow the instructions below

Note: If you are using the NIM functionality with Privileged Identity Manager, please raise a support ticket.

Enterprise Management Server or Load Balance Enterprise Management Server

We have vulnerable jars in the following locations:

    <USER_INSTALL_DIRECTORY>/Services/lib

    <USER_INSTALL_DIRECTORY>/apache-tomcat-7.0.72/webapps/ca-nim-sm/WEB-INF/lib

Note: <USER_INSTALL_DIRECTORY> refers to the Privileged Identity Manager installation location

Example:

Windows: C:\Program Files\CA\AccessControlServer

Linux: /opt/CA/AccessControlServer

Mitigation:

  1. Stop Event Forwarder and Proxy Manager Services.
  2. Remove the existing log4j-core-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>\Services\lib
  3. Remove the existing log4j-api-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>\Services\lib
  4. Copy the new log4j-core-2.17.0.jar to <USER_INSTALL_DIRECTORY>\Services\lib
  5. Copy the new log4j-api-2.17.0.jar to <USER_INSTALL_DIRECTORY>\Services\lib
  6. Back up the existing EventForwarder-0.1-SNAPSHOT.jar from <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib to a temporary location.
  7. Copy the updated EventForwarder-0.1-SNAPSHOT.jar to <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib
  8. Start the Event Forwarder and Proxy Manager Services.
  9. Stop the Apache Tomcat Service.
  10. Navigate to <USER_INSTALL_DIRECTORY>/apache-tomcat-7.0.72/webapps
  11. Delete ca-nim-sm folder.
  12. Delete ca-nim-sm.war file.
  13. Start the Apache Tomcat Service  

Distribution Server

We have vulnerable jars in the following locations:

    <USER_INSTALL_DIRECTORY>/Services/lib

Note: <USER_INSTALL_DIRECTORY> refers to the Privileged Identity Manager installation location

Example:

Windows: C:\Program Files\CA\AccessControlDistServer

Linux: /opt/CA/AccessControlDistServer

Mitigation:

  1. Stop Event Forwarder Service.
  2. Remove the existing log4j-core-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>\Services\lib
  3. Remove the existing log4j-api-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>\Services\lib
  4. Copy the new log4j-core-2.17.0.jar to <USER_INSTALL_DIRECTORY>\Services\lib
  5. Copy the new log4j-api-2.17.0.jar to <USER_INSTALL_DIRECTORY>\Services\lib
  6. Back up the existing EventForwarder-0.1-SNAPSHOT.jar from <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib to a temporary location.
  7. Copy the updated EventForwarder-0.1-SNAPSHOT.jar to <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib
  8. Start the Event Forwarder Service
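
A post-mitigation check for both server types above, as an added example (not code from this article or from the vendor): it walks <USER_INSTALL_DIRECTORY>, flags any log4j-core/log4j-api jar older than the 2.17.0 named in the copy steps, confirms both jars exist in Services/lib, and reports ca-nim-sm leftovers. The function names and the filename-based version check are assumptions of this example; on a Distribution Server the ca-nim-sm check simply finds nothing.

```python
import re
import sys
from pathlib import Path

# Target version taken from the article's copy steps (log4j-*-2.17.0.jar).
MIN_VERSION = (2, 17, 0)
JAR_RE = re.compile(r"^log4j-(core|api)-(\d+)\.(\d+)(?:\.(\d+))?(-[\w.]+)?\.jar$", re.I)
# Paths relative to <USER_INSTALL_DIRECTORY> that steps 10-12 say to delete.
NIM_PATHS = ("apache-tomcat-7.0.72/webapps/ca-nim-sm",
             "apache-tomcat-7.0.72/webapps/ca-nim-sm.war")


def jar_version(name):
    """Return (component, version tuple, is_prerelease), or None if not a log4j 2 jar."""
    m = JAR_RE.match(name)
    if not m:
        return None
    version = (int(m.group(2)), int(m.group(3)), int(m.group(4) or 0))
    return m.group(1).lower(), version, m.group(5) is not None


def audit(install_dir):
    """Walk the install directory and list what the mitigation left behind."""
    root = Path(install_dir)
    findings = []
    for jar in sorted(root.rglob("*.jar")):
        parsed = jar_version(jar.name)
        if parsed is None:
            continue
        _, version, prerelease = parsed
        # A pre-release such as 2.0-rc1 sorts below the release with the same number.
        if version < MIN_VERSION or (version == MIN_VERSION and prerelease):
            findings.append(f"old log4j jar: {jar.relative_to(root).as_posix()}")
    for rel in NIM_PATHS:
        if (root / rel).exists():
            findings.append(f"ca-nim-sm still present: {rel}")
    present = {jar_version(p.name)[0] for p in (root / "Services" / "lib").glob("log4j-*.jar")
               if jar_version(p.name)}
    for component in ("core", "api"):
        if component not in present:
            findings.append(f"log4j-{component} jar missing from Services/lib")
    return findings


if __name__ == "__main__":
    results = audit(sys.argv[1])
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

Run it with the installation directory as the only argument; it exits non-zero when anything is reported. It reads only jar file names, so a log4j copy bundled inside another archive is not detected.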

 
