CVE-2021-44832 log4j-core-2.17.0.jar Vulnerability found on Windows client
Article ID: 266602
Updated On: 10-10-2023
Products
CA Harvest Software Change Manager
Issue/Introduction
After updating to Harvest 14.0.2 in Windows the following file is detected as vulnerable to the following CVE:
CVE-2021-44832
Apache Log4j Core 2.17.0 (SCM\configuration\org.eclipse.osgi\4\0\.cp\log4j-core-2.17.0.jar)
The file is generated again after logging out of workbench and checking in a file.
Environment
Release : 14.0.2
Resolution
SE team provided code fix which upgrades the version of log4j deployed.
Feedback
Yes
No
Powered by
