CVE-2021-4104 - log4j vulnerabilities and Dollar Universe
search cancel

CVE-2021-4104 - log4j vulnerabilities and Dollar Universe

book

Article ID: 246590

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

Kindly help to check and assess if Dollar-U is impacted with below mentioned Log4j CVE's

CVE-2021-4104 is a high severity deserialization vulnerability in JMSAppender. JMSAppender uses JNDI in an unprotected manner allowing any application using the JMSAppender to be vulnerable if it is configured to reference an untrusted site or if the site referenced can be accesseed by the attacker. For example, the attacker can cause remote code execution by manipulating the data in the LDAP store.

Environment

Release : 6.x

Component : Dollar Universe

Resolution

The reported vulnerability is related to JMS appender and it is not used in $U Product, henceforth $U is not impacted by the vulnerability.