ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

log4j vulnerability remediation for apmia AWS extension


Article ID: 236836


Updated On:


CA Application Performance Management (APM / Wily / Introscope)


The 10.7 SP3 APMIA release includes apmia/extensions/AWSExtension/lib/external/log4j-1.2.17.jar.

We are mandated to remediate all components with log4j jars including this version.

Does Broadcom have a workaround or upgrade available to address this?


Release : 10.7.0

Component :


In our official communication below on log4j 1.2 vulnerability, 10.7 SP3 Agents are not affected by this because APM is using a forked and customized version of Log4j 1.2 which has been optimized and modified from the original Log4j .

1.2 and APM does not enable the SocketServer or JMSAppender classes.  This forked and customized version of Log4j 1.2 is maintained by Broadcom and does not rely on external support.