APM 10.8 - Log4j 1.2.17 Out of Support, vulnerability scan

Article ID: 267330

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

We scanned the APM 10.8 server and found some issues with the current log4j version.

The scan results below point to three locations on our Windows 2022 server where APM 10.8 is running:

  Path              : C:\Introscope\product\webview\configuration\org.eclipse.osgi\14\0\.cp\lib\log4j-over-slf4j-1.7.31.jar
  Installed version : 1.2.17

  Path              : C:\Introscope\product\enterprisemanager\configuration\org.eclipse.osgi\17\0\.cp\lib\log4j-over-slf4j-1.7.31.jar
  Installed version : 1.2.17

  Path              : C:\Introscope\product\enterprisemanager\configuration\org.eclipse.osgi\13\0\.cp\WebContent\WEB-INF\lib\log4j-over-slf4j-1.7.31.jar
  Installed version : 1.2.17

Environment

  • Release: 10.8

Cause

  • Engineering has diagnosed and fixed the vulnerability

Resolution

APM 10.8 SP1 contains the fix for the security vulnerabilities found in Apache log4j 1.2rc1, 1.2.14 and 1.2.17.

Refer to the attached readme.txt file.

Attachments

1686602763616__readme.txt