EOL/Obsolete Software: Apache Log4j 1.X Detected in affwebservices
search cancel

EOL/Obsolete Software: Apache Log4j 1.X Detected in affwebservices

book

Article ID: 239905

calendar_today

Updated On: 06-12-2023

Products

SITEMINDER

Issue/Introduction

 

The log4j-1.2.17.jar file exist in affewbservices application. This file has reached EOL since 2015. Below is the path:

/opt/CA/smuser/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF/lib/log4j-1.2.17.jar

 

Apache URL: Log4j – Apache Log4j Security Vulnerabilities

Log4j 1.x has reached End of Life in 2015 and is no longer supported. Vulnerabilities reported after August 2015 against Log4j 1.x were not checked and will not be fixed. Users should upgrade to Log4j 2 to obtain security fixes.

 

What does Broadcom vendor recommend the customers should do ?

 

 

Environment

SPS: 12.8 SP4

rhel7.9

Resolution

this file can be safely removed from the system without any impact to siteminder or affwebservice.