ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Service Operations Insight Log4J Vulnerabilities

book

Article ID: 238100

calendar_today

Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

We have gotten a task from our Security people for vulnerabilities on our SOI UI server associated with:

 

Apache Log4j Unsupported Version Detection (156032)

 

Apache Log4j 1.x Multiple Vulnerabilities (156860)

File locations:

 


Path : D:\Program Files (x86)\CA\SOI\SamUI\lib\log4j-1.2.17.jar
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile.war
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI\SamUI\webapps\sam\dashboard\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI\Patches\Replaced\SOI_4.2_CU1\SamUI\webapps\mobile.war
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI\Patches\Replaced\SOI_4.2_CU1\SamUI\webapps\mobile\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI\Patches\Replaced\SO07936\SamUI\webapps\mobile.war
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI\Tools\lib\log4j-1.2.14.jar
Installed version : 1.2.14



Path : D:\Program Files (x86)\CA\SOI\Tools\lib\log4j-1.2.17.jar
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI\indexer\lib\log4j-1.2.17.jar
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI\wso2registry.bak\lib\log4j-1.2.13.jar
Installed version : 1.2.13



Path : D:\Program Files (x86)\CA\SOI\wso2registry_bak\lib\log4j-1.2.13.jar
Installed version : 1.2.13



Path : D:\Program Files (x86)\CA\SOI\wso2registry\lib\log4j-1.2.13.jar
Installed version : 1.2.13



Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\wso2registry\lib\log4j-1.2.13.jar
Installed version : 1.2.13



Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\SamUI\webapps\mobile.war
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\SamUI\webapps\mobile\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\SamUI\lib\log4j-1.2.17.jar
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\Tools\lib\log4j-1.2.17.jar
Installed version : 1.2.17



Path : D:\Program Files (x86)\CA\SOI_PreProd_RJ\indexer\lib\log4j-1.2.17.jar
Installed version : 1.2.17

 

Environment

Release : 4.2

Component : Service Operations Insight (SOI) Manager

Resolution

Please review the following KDs reagrding the log4j vulnerabilities

https://knowledge.broadcom.com/external/article?articleId=236019

https://knowledge.broadcom.com/external/article/230292

https://knowledge.broadcom.com/external/article?articleId=236380

https://knowledge.broadcom.com/external/article?articleId=230849 


Dev confirmed the log4j upgrade will be part of CU4 tentative at the end of May.