Any impact to AA of CVE-2021-45046 with respect to Log4J Vulnerability ?
search cancel

Any impact to AA of CVE-2021-45046 with respect to Log4J Vulnerability ?

book

Article ID: 230847

calendar_today

Updated On:

Products

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

Status of AA's (Advanced Authentication's) investigation of impact (IF ANY) of CVE-2021-45046.

Environment

Release : 9.x

Component :

Cause

Reason for CVE-2021-45046
A fix that was earlier suggested to address CVE-2021-44228 via Apache Log4j 2.15.0 that has now been deemed incomplete.  The CVE-2021-45046 is specifically for the incomplete fix via Log4j 2.15.0. (refer to https://nvd.nist.gov/vuln/detail/CVE-2021-45046)

 

 

Resolution

Advanced Authentication product (AA) is NOT vulnerable as it does not use Log4j 2.15.0.

Refer to https://knowledge.broadcom.com/external/article?articleId=230301 Log4J Vulnerability, that is, beyond jst this CVE-2021-45046.

 

 

Additional Information

Related AA KB links 

1. Refer to consolidated AA KB for Log4J Vulnerability - https://knowledge.broadcom.com/external/article?articleId=230301

Powered by Wolken Software