We run Nessus Vulnerability Scan on the License Server(Windows Server 2016, version 1607, OS Build 14393.5989) and the report show the following vulnerabilities
Nessus Plugin ID 156103 - Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)
Nessus Plugin ID 156032 - Apache Log4j Unsupported Version Detection
Nessus Plugin ID 156860 - Log4j 1.x Multiple Vulnerabilities
After investigation, the following directory explicitly indicates log4j files.
C:\Program Files (x86)\CA\Identity Manager\Connector Server\data\cache\org.eclipse.osgi\bundles\172\1\.cp\
There are four log4j files in the .cp directory
log4j-1.2.16.jar (JAR File)
log4j-1.2.16.jar.bac2 (BAC2 File)
log4j-1.2.16.jar (Text Document)
log4j-1.2.16.jarbac3 (JARBAC3 File)
Why the files is needed?
Could we remove the file?
Release :
Set the connector service to manual.
Perform an OS level reboot. (in windows, click start, power, and choose reboot)
This should clear any of the locks that are on the files
When the OS is back up, remove anything in:
C:\Program Files (x86)\CA\Identity Manager\Connector Server\data\cache
Then change the service back to automatic
Then start the service.