CVE-2021-4104 vulnerability and AppWorx / Automic Application Manager

search cancel

CVE-2021-4104 vulnerability and AppWorx / Automic Application Manager

book

Article ID: 231758

calendar_today

Updated On:

Products

CA Automic Applications Manager (AM)

Issue/Introduction

Is Applications Manager vulnerable to CVE-2021-4104?

Environment

Release : 9.3x, 9.4x, 9.5x

Component : Applications Manager

Resolution

Applications Manager does NOT use JMSAppender which means Applications Manager is NOT vulnerable to CVE-2021-4104

Additional Information

This issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Feedback

thumb_up Yes

thumb_down No