ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
CVE-2021-4104 Log4j Vulnerability in Service Management
Article ID: 236890
Updated On:
Products
CA Service Desk Manager
Issue/Introduction
Vulnerability scans may show Service Management Files as vulnerable to CVE-2021-4104
Customers want to know if any Service Management Products are vulnerable.
Cause
Scanners can detect the presence of log4j files and their versions, but they can not tell if JMSAppender is used.
Environment
Release : 17.3RU11 and up
Component : SDM - Vulnerability
Resolution
L2 has informed us that JMSAppender is not used in Service Management and therefore there is no vulnerability to CVE-2021-4104
Feedback
Yes
No
Powered by
