CVE-2019-17571 - Is Service Operations Insight (SOI) affected by this vulnerability?

Article ID: 230849


Products

CA Service Operations Insight (SOI)

Issue/Introduction

Is SOI exposed to this vulnerability, CVE-2019-17571?

Are any steps needed to remediate?

Environment

Release : 4.2 CU2

Component : SOI ALERT MANAGEMENT

Cause

CVE-2019-17571

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data. When the class is listening to untrusted network traffic for log data, this can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code.

This affects Log4j 1.2 versions up to 1.2.17.

Resolution

SOI CU4 ships with Log4j 2.17.2 to fix the security vulnerabilities.

This vulnerability is specific to the SocketServer class in the Log4j library.

Although the SOI ships the 1.x version of Log4j, the Log4j capability to access remote logs through its SocketServer class (where the vulnerability exists) is not enabled.

Therefore, SOI is not impacted by CVE-2019-17571.

No remediation steps are needed.
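
The distinction above, between shipping the Log4j 1.x classes and actually running the socket listener, can be checked on a host. The following is an added example, not Broadcom or SOI code: it assumes you supply an install directory to scan and a list of JVM command lines collected by your own tooling, and it uses the Log4j 1.2 class names `SocketServer`, `SimpleSocketServer` and `SocketNode`.

```python
"""Inventory check for CVE-2019-17571 (added example; not Broadcom or SOI code)."""
import re
import sys
import zipfile
from pathlib import Path

# Log4j 1.2 classes that accept serialized LoggingEvent objects from a socket.
LISTENER_CLASSES = (
    "org/apache/log4j/net/SocketServer.class",
    "org/apache/log4j/net/SimpleSocketServer.class",
    "org/apache/log4j/net/SocketNode.class",
)
# A JVM command line that starts one of the listeners as its main class.
LISTENER_MAIN = re.compile(r"\borg\.apache\.log4j\.net\.(Simple)?SocketServer\b")


def manifest_version(jar):
    """Return Implementation-Version from the jar manifest, or None."""
    try:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    match = re.search(r"^Implementation-Version:\s*(\S+)", text, re.MULTILINE)
    return match.group(1) if match else None


def scan_jars(root):
    """Yield (path, version, listener classes present) for jars under root."""
    for path in sorted(Path(root).rglob("*.jar")):
        try:
            with zipfile.ZipFile(path) as jar:
                names = set(jar.namelist())
                found = [c for c in LISTENER_CLASSES if c in names]
                if found:
                    yield str(path), manifest_version(jar), found
        except (zipfile.BadZipFile, OSError):
            continue  # unreadable or corrupt archive: skip it


def listener_processes(cmdlines):
    """Return the command lines that launch a Log4j 1.x socket listener."""
    return [c for c in cmdlines if LISTENER_MAIN.search(c)]


if __name__ == "__main__":
    for jar_path, version, classes in scan_jars(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{jar_path}: log4j {version or 'unknown'} has {len(classes)} listener classes")
```

A jar reported by `scan_jars` only shows that the vulnerable classes are present on disk; exposure requires a process from `listener_processes` that is reachable from untrusted networks. Jars nested inside WAR/EAR or shaded archives are not opened by this scan.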

Additional Information

SOI CU4 ships with Log4j 2.17.2 to fix the security vulnerabilities.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/service-operations-insight-monthly-update-kit/MUK/monthly-update-kits/ca-soi-4-2/SOI-4-2-CU4.html#concept.dita_ceeba821-51be-481e-a157-598c94377e5d_FixedIssues

https://nvd.nist.gov/vuln/detail/CVE-2019-17571

CVE-2019-17571 - Is CA Embedded Entitlements Manager(EEM) affected by this vulnerability?

https://knowledge.broadcom.com/external/article/230854/