CVE-2021-45105 - CVE-2021-45104: Is DX NetOps Performance Management (PM) affected by these vulnerabilities?

Article ID: 231025

Updated On:

Products

CA Performance Management - Usage and Administration

DX NetOps

Issue/Introduction

Is Performance Management exposed to CVE-2021-45105?

Environment

Only the following components are affected:

Data Collectors (21.2.2+ only)

Data Aggregators (21.2.2+ only)

Data Repository Nodes (3.7.x, 20.2.x, and 21.2.x)

The NetOps Portal and Data Aggregator Proxy are not affected.

Cause

Current Description

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups.

This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted.

This issue was fixed in Log4j 2.17.0 and 2.12.3.

Resolution

Broadcom is aware of CVE-2021-45105 - CVE-2021-45104.

NetOps 21.2.6 will be shipped with Log4j 2.17.0 to mitigate this vulnerability.
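
To confirm which Log4j version a Data Collector, Data Aggregator or Data Repository host actually carries, the following added example (not Broadcom tooling and not part of the original article) reads the log4j-core Maven metadata inside each JAR under a directory and classifies it against the range quoted under Cause. The directory to scan is an assumption passed on the command line, since the article gives no install paths.

```python
import os
import re
import sys
import zipfile

# Maven metadata carried inside log4j-core JARs; reading it also finds
# renamed copies that a filename search would miss.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def classify(version):
    """Apply the range quoted in this article: 2.0-alpha1 through 2.16.0,
    excluding 2.12.3. Releases the article does not list are judged by that
    range only and should be confirmed against the NVD entry."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return "unknown"
    nums = tuple(int(g or 0) for g in m.groups())
    if nums[0] != 2:
        return "unknown"
    if nums <= (2, 16, 0) and nums != (2, 12, 3):
        return "affected"
    return "fixed"


def jar_version(path):
    """Return the log4j-core version recorded in the JAR, or None."""
    try:
        with zipfile.ZipFile(path) as jar:
            props = jar.read(POM).decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile, OSError):
        return None  # not log4j-core, not a valid archive, or unreadable
    m = re.search(r"^version=(.+)$", props, re.M)
    return m.group(1).strip() if m else None


def scan(root):
    """Walk root and return sorted (path, version, status) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                version = jar_version(path)
                if version:
                    findings.append((path, version, classify(version)))
    return sorted(findings)


if __name__ == "__main__":
    for path, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:9} {version:12} {path}")
```

Copies of log4j-core nested inside another archive (a WAR or fat JAR) are not opened by this scan and need to be unpacked first.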

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2021-45105