Is Spectrum vulnerable to CVE-2022-23302, CVE-2022-23307 or CVE-2022-23305 which affect log4j version 1 files?

Article ID: 234230


Products

CA Spectrum DX NetOps

Issue/Introduction

Is Spectrum 21.2.1 vulnerable to the following CVEs: CVE-2022-23302, CVE-2022-23307, CVE-2022-23305?

The official log4j workaround for CVE-2021-44228 & CVE-2021-45046 is integrated in our environment. https://knowledge.broadcom.com/external/article?articleId=230231.

Also, is Spectrum 21.2.1 vulnerable to log4j1? I found a jar in ./tomcat/webapps/axis2/WEB-INF/lib/log4j-1.2.15.jar.

 

Environment

Release : 21.2, 10.4.x

Component : Spectrum OneClick

Cause

Vulnerability concern

Resolution

The log4j1 vulnerability is not present in Spectrum, as confirmed by Micro Focus Visibroker for CVE-2022-23302, CVE-2022-23307 or CVE-2022-23305.

However, customers who are concerned about the log4j vulnerabilities are advised to upgrade to 21.2.8 once it is released in mid-February.
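
To see which log4j 1.x archives in an installation still ship the classes these three CVEs concern, a site can inventory its own directory tree. The Python script below is an added example, not Broadcom's or Micro Focus's tooling; it assumes the class locations given in the Apache log4j 1.x advisories (JMSSink, JDBCAppender, the Chainsaw package) and reports presence only, not whether the logging configuration makes them reachable.

```python
import os
import sys
import zipfile

# Classes named in the three log4j 1.x advisories. Presence means the code ships
# in the archive; whether it is reachable depends on the logging configuration.
MARKERS = {
    "CVE-2022-23302": "org/apache/log4j/net/JMSSink.class",
    "CVE-2022-23305": "org/apache/log4j/jdbc/JDBCAppender.class",
    "CVE-2022-23307": "org/apache/log4j/chainsaw/",  # whole Chainsaw package
}
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def affected_classes(jar_path):
    """Return {cve: [matching entries]} for one archive (empty dict if none)."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            names = zf.namelist()
    except (zipfile.BadZipFile, OSError):
        return {}  # unreadable or not a zip: nothing to report
    hits = {}
    for cve, marker in MARKERS.items():
        found = [n for n in names if n.startswith(marker) and n.endswith(".class")]
        if found:
            hits[cve] = found
    return hits


def scan_tree(root):
    """Walk root and return {archive path: hits} for archives with any hit."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, name)
                hits = affected_classes(path)
                if hits:
                    report[path] = hits
    return report


if __name__ == "__main__":
    # Usage: python scan_log4j1.py <install dir>   (script name is hypothetical)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sorted(scan_tree(root).items()):
        for cve, entries in sorted(hits.items()):
            print(f"{path}: {cve}: {len(entries)} class(es), e.g. {entries[0]}")
```

Archives nested inside other archives and copies relocated under a different package prefix are not inspected.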