We have gotten a task from our Security people for vulnerabilities on our SOI UI server associated with:
File locations:
Path : D:\Program Files (x86)\CA\SOI\SamUI\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile.war
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI\SamUI\webapps\sam\dashboard\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI\Patches\Replaced\SOI_4.2_CU1\SamUI\webapps\mobile.war
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI\Patches\Replaced\SOI_4.2_CU1\SamUI\webapps\mobile\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI\Patches\Replaced\SO07936\SamUI\webapps\mobile.war
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI\Tools\lib\log4j-1.2.14.jar
Installed version : 1.2.14
Path : D:\Program Files (x86)\CA\SOI\Tools\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI\indexer\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI\wso2registry.bak\lib\log4j-1.2.13.jar
Installed version : 1.2.13
Path : D:\Program Files (x86)\CA\SOI\wso2registry_bak\lib\log4j-1.2.13.jar
Installed version : 1.2.13
Path : D:\Program Files (x86)\CA\SOI\wso2registry\lib\log4j-1.2.13.jar
Installed version : 1.2.13
Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\wso2registry\lib\log4j-1.2.13.jar
Installed version : 1.2.13
Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\SamUI\webapps\mobile.war
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\SamUI\webapps\mobile\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\SamUI\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\Tools\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\indexer\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Release : 4.2
Component : Service Operations Insight (SOI) Manager
Please review the following KDs reagrding the log4j vulnerabilities
https://knowledge.broadcom.com/external/article?articleId=236019
https://knowledge.broadcom.com/external/article/230292
https://knowledge.broadcom.com/external/article?articleId=236380
https://knowledge.broadcom.com/external/article?articleId=230849
Dev confirmed the log4j upgrade will be part of CU4 tentative at the end of May.