Log4j vulnerability - CVE-2019-17571 - log4j version 1.2.16 / 1.2.17
search cancel

Log4j vulnerability - CVE-2019-17571 - log4j version 1.2.16 / 1.2.17

book

Article ID: 232082

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

 This KB contains details on the impact of the log4j vulnerability CVE-2019-17571 ( NVD - CVE-2019-17571 )  on the Identity Suite software.

Environment

Release : 14.4

Component : IdentityMinder(Identity Manager)

Resolution

Symantec Identity Management Suite products are NOT vulnerable for the Remote Code Execution vulnerability CVE-2019-17571.

The Identity Suite product do not have any implemented features which initiate Socket Server to listen on any port so there is no method to deserialize untrusted user input comprising serialized state of an object (or system resource) to exploit this. 


 

Additional Information

Overall Log4j Tech Doc:
https://knowledge.broadcom.com/external/article?articleId=230278