CVE-2020-9488 - log4j vulnerabilities and Dollar Universe
search cancel

CVE-2020-9488 - log4j vulnerabilities and Dollar Universe

book

Article ID: 246588

calendar_today

Updated On: 10-07-2023

Products

CA Automic Dollar Universe

Issue/Introduction

Kindly help to check and assess if Dollar Universe is impacted with below mentioned Log4j CVE's

CVE-2020-9488 is a moderate severity issue with the SMTPAppender. Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

Environment

Release : 6.x

Component :Dollar Universe

Resolution

The current vulnerability holds a severity rating low https://nvd.nist.gov/vuln/detail/CVE-2020-9488 and is not reflected in our security scan as it is related to SMTP appender and it is not used in Dollar Universe Product, henceforth $U is not impacted by the vulnerability.