We have a REXX script that can send messages to AXC, OPS, VOX and others via the RequestService.jar and a POST action. After the 11.7 upgrade, that file is removed. Is this way building a message to the various AP windows still available to the product? 

/* Create the URI string to communicate */
xmlfile='E:\ProgramData\CA\CA Automation Point\ ... \SendMsgRoutine.xml' 
uriRoot='http://'MessageHost':8080/apwebsvc'
uri=uriRoot||'/'sessType'/'MessageSession'/messages'

opts='-output stdout -user 'user' -password 'pass' -xmlfile "'xmlfile'"' 
opts=opts||' -replacexml "{MessageText}='MessageText'"'
opts=opts||' -replacexml "{MessageCat}='MessageCat'"'
opts=opts||' -replacexml "{MessageSev}='MessageSev'"'
opts=opts||' -replacexml "{MessageAct}='MessageAct'"'

Address CMD "call RequestService post "uri opts

Release : 11.7

Component :

Regarding the missing RequestService jar file, the decision was made to remove the RequestService utility from release 11.7 because it employs JAVA files susceptible to log4j, and other potential security vulnerabilities.  

Customers can continue using the utility to make requests to the AP 11.7 Web services. The utility will need to be copied from the AP 11.6 installation to AP 11.7 in order for the Rexx scripts to be able to run it.  We recommend instead that customers consider other means of sending requests to AP Web Services such as Powershell or Python scripts, as examples.

If it is decided to continue to run the release 11.6 RequestService utility, be advised that it contains Log4j 2.11.1 libraries, which are the ones with the CVE-2021-44228 vulnerability. The vulnerability itself does not apply to the utility since it is not a web service/application, but ensure your site does not have restrictions against the files residing on the system.