Log4j vulnerabilities are being reported for log4j-1.2.16.jar from Nolio Release Automation
search cancel

Log4j vulnerabilities are being reported for log4j-1.2.16.jar from Nolio Release Automation

book

Article ID: 281164

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio)

Issue/Introduction

A vulnerability scanner shows multiple vulnerabilities in the Nolio Release Automation servers for log4j-1.2.16.jar:
Path: /opt/deploy/es/ReleaseAutomationServer/NolioAgent/lib/log4j-1.2.16.jar Installed version : 1.2.16 Security End of Life : August 5, 2015 Time since Security End of Life (Est.) : >= 8 years
Path : /opt/deploy/es/ReleaseAutomationServer/NolioAgent/actionslib/log4j-1.2.16.jar Installed version : 1.2.16 Security End of Life : August 5, 2015 Time since Security End of Life (Est.) : >= 8 years
Path : /opt/deploy/es/ReleaseAutomationServer/NolioAgent/.install4j/user/log4j-1.2.16.jar Installed version : 1.2.16 Security End of Life : August 5, 2015 Time since Security End of Life (Est.) : >= 8 years
Threat: An unsupported version of Apache Log4j is installed on the remote host.

Environment

Release : 6.4

Component : Nolio Release Automation Agent

Resolution

The log4j-1.2.16.jar files are from the Nolio 6.4 agent.
Upgrade the Nolio servers and agent to 6.8 or 6.9

Powered by Wolken Software