search cancel

Datapower extension agent Log4j

book

Article ID: 255463

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

Using the Datapower agent with CA APM 10.7.  It appears from the log that maybe it is "Datapower extension Version 4.0.0" and "Agent Release 10.5.1.6 (Build 990006)".  The /opt/wily/DatapowerMonitor/lib/log4j-1.2.12.jar within the agent is being flagged as an old version by Nessus security scanning. 

Is there new version of the Datapower agent with the latest log4j?  Or do you have documentation that the agent is not vulnerable to the 3 findings below:

Scan Report:

Plugin 156032 Apache Log4j Unsupported Version Detection

Plugin 156103 Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)

Plugin 156860 Apache Log4j 1.x Multiple Vulnerabilities (CVE-2019-17571;CVE-2020-9488;CVE-2022-23302;CVE-2022-23305;CVE-2022-23307)

Security Team recommended fix is: Upgrade to a version of Apache Log4j that is currently supported. Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.

Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life. Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.

 

From the Datapower Log:

 [INFO] [com.wily.field.dpmon.DataPowerMonitor] Copyright (c) 2016 CA. All Rights Reserved
 [INFO] [com.wily.field.dpmon.DataPowerMonitor] Introscope(R) is a registered trademark of CA.
 [INFO] [com.wily.field.dpmon.DataPowerMonitor] Datapower extension Version 4.0.0
 [INFO] [com.wily.field.dpmon.DataPowerMonitor] Starting Introscope Datapower Agent...
 [INFO] [com.wily.field.dpmon.DataPowerMonitor] Started polling Datapower Device URL=https://x.x.x.x:xx/service/mgmt/xx
 [INFO] [IntroscopeAgent.Agent] Agent Release 10.5.1.6 (Build 990006)
 [INFO] [IntroscopeAgent.Agent] Using Java VM version "Java HotSpot(TM) 64-Bit Server VM 1.8.0_351"
from Oracle Corporation

Environment

Release : 10.7.0

Resolution

The 22.3/10.8 agent will work with APM 10.7 and does come with the Data Power Extension