CVE-2020-4041 Vulnerability and CA Process Automation
search cancel

CVE-2020-4041 Vulnerability and CA Process Automation

book

Article ID: 230952

calendar_today

Updated On:

Products

CA Process Automation Base Process Automation Manager

Issue/Introduction

Based on the description of CVE-2021-4041, it "only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.".

More information can be seen here:

Broadcom Enterprise Software Security Advisory for Log4j 2 CVE-2021-44228 Vulnerability

NVD - CVE-2020-4041

Environment

Process Automation - All Supported versions.

Resolution

Engineering team confirmed that JMSAppender is not configured or enabled by default in PAM, so it's not affected by this vulnerability.

Powered by Wolken Software