CVE-2021-44832 log4j-core-2.17.0.jar Vulnerability found on Windows client
search cancel

CVE-2021-44832 log4j-core-2.17.0.jar Vulnerability found on Windows client

book

Article ID: 266602

calendar_today

Updated On:

Products

CA Harvest Software Change Manager

Issue/Introduction

After updating to Harvest 14.0.2 in Windows the following file is detected as vulnerable to the following CVE:

CVE-2021-44832 

Apache Log4j Core 2.17.0 (SCM\configuration\org.eclipse.osgi\4\0\.cp\log4j-core-2.17.0.jar)

The file is generated again after logging out of workbench and checking in a file.

Environment

Release : 14.0.2

Resolution

SE team provided code fix which upgrades the version of log4j deployed.