Log4j 1.x Multiple Vulnerabilities
search cancel

Log4j 1.x Multiple Vulnerabilities


Article ID: 270647


Updated On:


CA Identity Manager


We run Nessus Vulnerability Scan on the License Server(Windows Server 2016, version 1607, OS Build 14393.5989) and the report show the following vulnerabilities

Nessus Plugin ID 156103 - Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)
Nessus Plugin ID 156032 - Apache Log4j Unsupported Version Detection
Nessus Plugin ID 156860 - Log4j 1.x Multiple Vulnerabilities

After investigation, the following directory explicitly indicates log4j files.

C:\Program Files (x86)\CA\Identity Manager\Connector Server\data\cache\org.eclipse.osgi\bundles\172\1\.cp\

There are four log4j files in the .cp directory 
log4j-1.2.16.jar (JAR File)
log4j-1.2.16.jar.bac2 (BAC2 File)
log4j-1.2.16.jar (Text Document)
log4j-1.2.16.jarbac3 (JARBAC3 File)

Why the files is needed?
Could we remove the file?


Release :


Set the connector service to manual.

Perform an OS level reboot. (in windows, click start, power, and choose reboot)

   This should clear any of the locks that are on the files

When the OS is back up, remove anything in:

C:\Program Files (x86)\CA\Identity Manager\Connector Server\data\cache

Then change the service back to automatic

Then start the service.