search cancel

AA uninstaller.jar related vulnerabilities called out when vulnerabilities scans are run


Article ID: 243758


Updated On:


CA Strong Authentication CA Advanced Authentication CA Risk Authentication


Advanced Authentication's uninstaller.jar related vulnerabilities pointing to Log4j 1.x usage  are called out when vulnerabilities scans are run.  


Release : 9.x

Component :Strong Authentication

Risk Authentication


uninstaller.jar contains references to Log4J 1.x version files that are deemed as vulnerable


uninstaller.jar is related to installanywhere and this file is not related to product functionality or transaction processing, hence is not vulnerable as it cannot be exploited. 

To address the concerns (that are not consequential) raised by vulnerability scan, please follow the following steps.

1. As shown in the screen shot below. Please zip the five uninstall folders that are found in the <ARCOT_HOME> folder.

2. Backup the zip file(s) created in #1 above to a location away from the <ARCOT_HOME> folder.

3. Delete the five folders shown in screen shot in #1 above.

4. In future if an uninstall operation is needed then restore the uninstall folders as needed and then uninstall. Remember to remove the uninstall folders for a clean run of your vulnerability scans.