Our security team is showing VNA as being flagged in vulnerability scans for log4j
search cancel

Our security team is showing VNA as being flagged in vulnerability scans for log4j

book

Article ID: 234423

calendar_today

Updated On:

Products

CA Virtual Network Assurance DX NetOps

Issue/Introduction

VNA has been flagged for log4j syslog4j-0.9.46.jar as follows as of today:


DX NetOps Virtual Network Administration
"<plugin_output>
  Path              : /opt/CA/VNA/wildfly/standalone/tmp/vfs/deployment/deployment999320e66001af6/syslog4j-0.9.46.jar-940a7d31e70df258/syslog4j-0.9.46.jar
  Installed version : 0.9.46
</plugin_output>"


DX NetOps(VNA)
"<plugin_output>
  Path              : /opt/CA/VNA/wildfly/standalone/tmp/vfs/deployment/deployment999320e66001af6/syslog4j-0.9.46.jar-940a7d31e70df258/syslog4j-0.9.46.jar
  Installed version : 0.9.46
</plugin_output>"

Resolution

What is being flagged is actually not log4j but syslog4j which is a completely separate application.  On the website for syslog4j, http://www.syslog4j.org, it makes mention of the following:

 

December 10, 2021: Syslog4j does not share any base code with Log4j, so is not affected by the CVE-2021-44228 "Log4jShell" vulnerability.

Powered by Wolken Software