ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CVE-2021-4104 Log4j Vulnerability in Service Management

book

Article ID: 236890

calendar_today

Updated On:

Products

CA Service Desk Manager

Issue/Introduction

Vulnerability scans may show Service Management Files as vulnerable to CVE-2021-4104

Customers want to know if any Service Management Products are vulnerable.

Cause

Scanners can detect the presence of log4j files and their versions, but they can not tell if JMSAppender is used.

Environment

Release : 17.3RU11 and up

Component : SDM - Vulnerability

Resolution

L2 has informed us that JMSAppender is not used in Service Management and therefore there is no vulnerability to CVE-2021-4104