Log4j vulnerability check for AA SDK clients for Webfort/RiskFort
search cancel

Log4j vulnerability check for AA SDK clients for Webfort/RiskFort

book

Article ID: 230935

calendar_today

Updated On:

Products

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

Are there any vulnerability fallouts for SDK Webfort/RiskFort (CA Risk Authentication and CA Strong Authentication)  due to Log4j Vulnerability -CVE-2021-44228 (aka Log4JShell)?

The example Java libraries in AA are as such:

-CARiskMinder.jar
-CAMobile-OTP-LIB-Android-2.2.5.jar

 

Environment

Release : AA 9.x

Component :

Cause

Log4j Vulnerability -CVE-2021-44228 (aka Log4JShell)

Resolution

AA SDK clients like Android/iOS, AA are not using the log4j hence definitively no implications due to CVE-2021-44228 (aka Log4JShell)

Additional Information

None.