Do we know if Spectrum is vulnerable to this CVE-2019-17571? The log4j-1.2.17 file is found in the location:
$SPECROOTtomcat/webapps/ca-nim-sm/WEB-INF/lib/log4j-1.2.17.jar
Release : 10.4.x, 21.x
OS: Linux/Windows
CA-NIM Component:
NIM doesn't use SocketAppender or JMSAppender in any way.
$SPECROOTtomcat/webapps/ca-nim-sm/WEB-INF/lib/log4j-1.2.17.jar is removed in NIM - 3.2.0.330 and later versions
Spectrum:
Spectrum doesn't use SocketServer or SocketAppender in any way. This vulnerability does not present any risk to Spectrum.
CA-NIM Component:
NIM 3.2.0.331 is part of Spectrum release i.e. - 21.2.6
Spectrum:
https://knowledge.broadcom.com/external/article?articleId=231099