Is ESP dSeries Workload Automation DE affected by the log4j vulnerability - CVE-2019-17571?
Release : 12.1, 12.2, 12.3
Component : ESP dSeries Workload Automation DE
Broadcom Engineering has confirmed that these GA versions of ESP dSeries Workload Automation DE are not affected by this vulnerability.
The current GA versions of ESP dSeries Workload Automation DE are distributed with log4j 1.2.x (without SocketServer enabled). Log4j 1.x configurations without SocketServer are not impacted by this vulnerability. To mitigate: audit your logging configuration to ensure it has no SocketServer configured.
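One way to run the audit described above, as an added example that is not Broadcom's own tooling: a shell function that scans a directory tree for active references to the log4j 1.x SocketServer receiver classes. The directory to scan is supplied by the caller, and the list of file extensions searched is an assumption; it also flags any other class in `org.apache.log4j.net` whose name ends in `SocketServer`, which goes slightly beyond the single class named here.

```shell
#!/bin/sh
# Added example: audit a directory tree for references to the log4j 1.x
# SocketServer receiver. The directory to scan is supplied by the caller;
# the file extensions searched below are an assumption.

# Matches org.apache.log4j.net.SocketServer and any class in that package
# whose name ends in SocketServer. SocketAppender (the sending side) is
# deliberately not matched.
PATTERN='org\.apache\.log4j\.net\.[A-Za-z]*SocketServer'

# audit_socketserver DIR
# Prints "file:line:text" for every active reference found.
# Returns 0 if none were found, 1 if at least one was, 2 on a bad argument.
audit_socketserver() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Search config and start-up files, then drop lines whose first
    # non-blank character is '#' or '!' (properties and shell comments).
    hits=$(find "$dir" -type f \( -name '*.properties' -o -name '*.xml' \
               -o -name '*.sh' -o -name '*.bat' -o -name '*.conf' \) \
               -exec grep -EHn "$PATTERN" {} + 2>/dev/null |
           grep -Ev '^[^:]*:[0-9]+:[[:space:]]*[#!]' || true)

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# When run as a script, audit the directory given as the first argument.
if [ "$#" -gt 0 ]; then
    audit_socketserver "$1"
fi
```

A non-zero return means a start-up script or configuration file references the receiver class and should be reviewed; XML comments are not filtered, so a hit inside `<!-- -->` still needs a manual look.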
ESP dSeries Workload Automation DE will be providing updated log4j 2.x libraries in a future release.