is Spectrum 21.2.1 vulnerable for the following CVEs: CVE-2022-23302, CVE-2022-23307, CVE-2022-23305 ?
The official log4j workaround for CVE-2021-44228 & CVE-2021-45046 is integrated in our environment. https://knowledge.broadcom.com/external/article?articleId=230231.
Also is Spectrum 21.2.1 vulnerable for log4j1? I found a jar in ./tomcat/webapps/axis2/WEB-INF/lib/log4j-1.2.15.jar.
Release : 21.2, 10.4.x
Component : Spectrum OneClick
The log4j1 vulnerability is not present in Spectrum as confirmed by Micro Focus Visibroker for CVE-2022-23302, CVE-2022-23307 or CVE-2022-23305.
However if any customers are concerned about the log4j vulnerabilities we suggest that they upgrade to 21.2.8 once released in Mid February.