Identity Portal: unable to install Log42j hotfix
search cancel

Identity Portal: unable to install Log42j hotfix


Article ID: 236129


Updated On:


CA Identity Suite CA Identity Portal


Attempting to install the Identity Portal hotfix for Log4j:

The readme file explains how to install it:

However, there is no such folder <JBosss/Wildfly_HOME>/modules/com/ca/iam in the Identity Portal application server:

System started as 14.2  and through different upgrades is now at 14.4 level


Release : 14.4

Component : SIGMA-Identity Suite


Specific upgrade path does not include the relevant jars


In 14.2, installer did not include the log4j2 folder.

To upgrade to 14.4, customer followed the documentation for manual deployment of the war. As such, the folder in question (<JBosss/Wildfly_HOME>/modules/com/ca/iam) was never created

Without the log4j2 jars - the system is not vulnerable and does not require The patch addresses the Apache Log4j issues (CVE-2021-44228, CVE-2021-45105, CVE-2021-45046, CVE-2021-44832)

There won't be any functional impact however, in the standalone.xml the database password is visible in plain text - can you please confirm this is true in your local setup (standalone XML)

The instructions to encrypt the password in the datasource can be found here

Note: following the instructions above will place the vulnerable log4j jars and therefore they should be then patched.