ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Log4j 2.17 embedded in Siteminder component

book

Article ID: 236904

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

 

Which version of CA Access Gateway (SPS) has embedded log4J 2.17 or
latest which will not require any mitigations for SSO & Access Gateway
?

 

Resolution

 

Log4j 2.17 is already provided in all the Siteminder component
12.8SP6a (1).

Download CA Access Gateway (SPS) 12.8SP6a are available (2).
Download AdminUI and Policy Server 12.8SP6a are available (3).

 

Additional Information

 

(1)

    Change to Existing Features in 12.8.06a

      | Third-party Component | CVE Resolved                              |
      |-----------------------+-------------------------------------------|
      | Apache log4j 2.17.1   | CVE-2021-44228, CVE-2021-44832, CVE-2021- |
      |                       | 45046, CVE-2021-45105                     |

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/Changes-to-Existing-Features/changes-to-existing-features-in-12-8-06a.html

(2)

    SSO ACCESS GATEWAY R12.8 SP06a [#2658]
    https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99111419&os=MULTI-PLATFORM

(3)

    SSO POLICYSERVER R12.8 SP06a [#2658]
    https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99111420&os=MULTI-PLATFORM