Vulnerability scans of some Messaging Gateway (SMG) Control Centers may report a potential risk from CVE-2019-17571
Description
Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When the class is listening to untrusted network traffic for log data, this can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code. This affects Log4j 1.2 versions up to 1.2.17.
This is currently under investigation by Broadcom product engineering.
Please refer to the Security Advisories page for details on known vulnerabilities for Symantec / Broadcom products.
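As an added example (not from Broadcom or the Log4j project), this Python script checks an archive and any jars nested inside it for the SocketServer class named in the description and reads the Log4j version recorded beside it. The pom.properties path and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Class named in the CVE-2019-17571 description.
SOCKET_SERVER = "org/apache/log4j/net/SocketServer.class"
# Assumption: Maven metadata path inside a stock log4j 1.2.x jar.
POM_PROPS = "META-INF/maven/log4j/log4j/pom.properties"

def in_affected_range(version):
    """True/False for a parsed version, None when the jar records no version."""
    if version is None:
        return None
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts[:2] == (1, 2) and parts <= (1, 2, 17)

def scan_archive(archive, label="<archive>"):
    """Report every copy of SocketServer.class in an archive and its nested jars."""
    findings = []
    with zipfile.ZipFile(archive) as zf:
        names = zf.namelist()
        if SOCKET_SERVER in names:
            version = None
            if POM_PROPS in names:
                props = zf.read(POM_PROPS).decode("utf-8", "replace")
                m = re.search(r"^version=(\S+)", props, re.M)
                version = m.group(1) if m else None
            findings.append({"archive": label, "version": version,
                             "in_affected_range": in_affected_range(version)})
        for name in names:
            if name.lower().endswith((".jar", ".war", ".ear")):
                nested = io.BytesIO(zf.read(name))
                if zipfile.is_zipfile(nested):
                    findings += scan_archive(nested, f"{label}!/{name}")
    return findings

def build_sample_war():
    """Constructed sample: a WAR holding a fake log4j 1.2.17 jar (placeholder bytes)."""
    jar, war = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr(SOCKET_SERVER, b"placeholder, not a real class file")
        zf.writestr(POM_PROPS, "groupId=log4j\nartifactId=log4j\nversion=1.2.17\n")
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-1.2.17.jar", jar.getvalue())
    return war

if __name__ == "__main__":
    for finding in scan_archive(build_sample_war(), "sample.war"):
        print(finding)
```

A hit only shows that the class ships in the archive; per the description, exposure also requires SocketServer to be listening to untrusted network traffic.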