search cancel

AA uninstaller.jar related vulnerabilities called out when vulnerabilities scans are run

book

Article ID: 243758

calendar_today

Updated On:

Products

CA Strong Authentication CA Advanced Authentication CA Risk Authentication

Issue/Introduction

Advanced Authentication's uninstaller.jar related vulnerabilities pointing to Log4j 1.x usage  are called out when vulnerabilities scans are run.  

Environment

Release : 9.x

Component :Strong Authentication

Risk Authentication

Cause

uninstaller.jar contains references to Log4J 1.x version files that are deemed as vulnerable

Resolution

uninstaller.jar is related to installanywhere and this file is not related to product functionality or transaction processing, hence is not vulnerable as it cannot be exploited. 

To address the concerns (that are not consequential) raised by vulnerability scan, please follow the following steps.

1. As shown in the screen shot below. Please zip the five uninstall folders that are found in the <ARCOT_HOME> folder.

2. Backup the zip file(s) created in #1 above to a location away from the <ARCOT_HOME> folder.

3. Delete the five folders shown in screen shot in #1 above.

4. In future if an uninstall operation is needed then restore the uninstall folders as needed and then uninstall. Remember to remove the uninstall folders for a clean run of your vulnerability scans.

 

Attachments