Getting log4J error from the AdminUI in the /tmp location (XXXX/siteminder/adminui/standalone/tmp/vfs/deployment/deploymentaXXXX)
search cancel

Getting log4J error from the AdminUI in the /tmp location (XXXX/siteminder/adminui/standalone/tmp/vfs/deployment/deploymentaXXXX)

book

Article ID: 259725

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Federation (SiteMinder)

Issue/Introduction

Observed below log4j errors for the adminui in the below mentioned /tmp location. 

XXXX/siteminder/adminui/standalone/tmp/vfs/deployment/deploymenta19837770e696dd5/log4j-core-2.10.0.jar-8f8d028f5dc28fee/log4j-core-2.10.0.jar
XXXX/siteminder/adminui/standalone/tmp/vfs/deployment/deploymenta19837770e696dd5/log4j-core-2.10.0.jar-99d9f79e25b28a38/log4j-core-2.10.0.jar

Environment

Release: 12.8 SP2 (The above mentioned errors were reported)

Component: CA Siteminder AdminUI (WAMUI) release 12.8 SP6a and 12.8 SP7.


Resolution

With the 12.8 SP6a release, we shipped " log4j-core-2.17.1.jar " release log4j files.

With the 12.8 SP7 release, we shipped " log4j-core-2.17.2.jar " release log4j files.

Whenever we upgrade to latest releases (12.8 SP6a or 12.8 SP7), we do not need to update any log4j files manually either in the siteminder location or in the AdminUI location since we are shipping the latest log4j files with the OOTB (Out of the Box) solution.

Additional Information

For detailed Information, please go through the below document.

CVE-2021-44228: SiteMinder Resolution to the Log4j Vulnerability.

https://knowledge.broadcom.com/external/article/230270/cve202144228-siteminder-resolution-to-th.html

 

 

Powered by Wolken Software