Is Spectrum Vulnerable to CVE-2019-17571?

Article ID: 231508


Products

CA Spectrum DX NetOps

Issue/Introduction

Do we know if Spectrum is vulnerable to CVE-2019-17571? The log4j-1.2.17 file is found in the location:

$SPECROOTtomcat/webapps/ca-nim-sm/WEB-INF/lib/log4j-1.2.17.jar

Environment

Release: 10.4.x, 21.x

OS: Linux/Windows

Resolution

CA-NIM Component:

NIM doesn't use SocketAppender or JMSAppender in any way.

$SPECROOTtomcat/webapps/ca-nim-sm/WEB-INF/lib/log4j-1.2.17.jar is removed in NIM 3.2.0.330 and later versions.

Spectrum:

Spectrum doesn't use SocketServer or SocketAppender in any way. This vulnerability does not present any risk to Spectrum.
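To confirm the two statements above on a given installation, the following added example (not Broadcom or CA tooling) walks a directory tree, lists log4j 1.x jars together with which of the named classes they package, and reports logging configuration lines that reference SocketServer, SocketAppender or JMSAppender. The function names and the log4j*.properties / log4j*.xml file-name patterns are assumptions of this example.

```python
import os
import re
import sys
import zipfile

# Classes named in the article; org.apache.log4j.net is their log4j 1.x package.
RISKY = ("SocketServer", "SocketAppender", "JMSAppender")
CLASS_RE = re.compile(r"org\.apache\.log4j\.net\.(%s)\b" % "|".join(RISKY))
JAR_RE = re.compile(r"log4j-1\.[\d.]+\.jar$", re.I)
# Assumption: logging configs follow the usual log4j*.properties / log4j*.xml naming.
CONFIG_RE = re.compile(r"log4j.*\.(properties|xml)$", re.I)

def classes_in_jar(path):
    """List which of the RISKY classes are packaged inside a log4j 1.x jar."""
    try:
        with zipfile.ZipFile(path) as jar:
            names = set(jar.namelist())
    except (zipfile.BadZipFile, OSError):
        return ["<unreadable>"]
    return [c for c in RISKY if "org/apache/log4j/net/%s.class" % c in names]

def config_references(path):
    """Return (path, line number, class) for each non-comment reference."""
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        # XML comments are not parsed: a commented-out appender in log4j.xml is still reported.
        for lineno, line in enumerate(fh, 1):
            text = line.strip()
            if text.startswith(("#", "!")):  # .properties comment lines
                continue
            hits += [(path, lineno, m.group(1)) for m in CLASS_RE.finditer(text)]
    return hits

def scan(root):
    """Walk root; return ({jar path: [classes present]}, [config hits])."""
    jars, hits = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if JAR_RE.search(name):
                jars[path] = classes_in_jar(path)
            elif CONFIG_RE.search(name):
                hits += config_references(path)
    return jars, hits

if __name__ == "__main__":
    jars, hits = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(*("jar %s %s" % kv for kv in jars.items()), sep="\n")
    print(*("config %s:%d %s" % h for h in hits), sep="\n")
```

Pass the installation directory as the first argument. Jars are matched by file name only, so renamed or repackaged copies of log4j 1.x are not detected.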

Additional Information

CA-NIM Component:

NIM 3.2.0.331 is part of Spectrum release 21.2.6.

Spectrum:

https://knowledge.broadcom.com/external/article?articleId=231099