Potential log4j-jboss-logmanager-1.2.0.Final-redhat-00001.jar vulnerability

Article ID: 404952


Updated On:

Products

CA Identity Suite

Issue/Introduction

log4j-jboss-logmanager-1.2.0.Final-redhat-00001.jar, located at jboss-eap-7.4/modules/system/layers/base/org/jboss/log4j/logmanager/main/log4j-jboss-logmanager-1.2.0.Final-redhat-00001.jar, has reached End of Life (EOL) and is potentially vulnerable:

Installed version                      : 1.2.0
Security End of Life                   : August 5, 2015
Time since Security End of Life (Est.): >= 9 years

Environment

Identity Manager 14.5 

Cause

If the application that uses log4j-jboss-logmanager-1.2.0.Final-redhat-00001.jar also incorporates or depends on a vulnerable version of Apache Log4j2, then the Log4Shell vulnerability could be exploitable. See CVE-2021-44228:

https://nvd.nist.gov/vuln/detail/cve-2021-44228
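To check the condition described above, the following added example (not part of the original article, and not Broadcom or Red Hat tooling) walks an installation tree and reports every archive, including nested ones, that contains Apache Log4j2's log4j-core, with the version from its pom.properties (or "unknown" if that file is absent) and whether JndiLookup.class is present. The app.war name, the placeholder jar contents and the 2.14.1 sample version are constructed for the demo; compare reported versions against the affected range in the NVD entry.

```python
import io
import os
import tempfile
import zipfile

# Archive entries that identify Apache Log4j2's log4j-core.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def scan_archive(source, label, findings):
    """Record log4j-core evidence in one archive, then recurse into nested archives."""
    if not zipfile.is_zipfile(source):
        return  # unreadable or not a zip: skip it rather than abort the scan
    with zipfile.ZipFile(source) as zf:
        names = zf.namelist()
        if POM_PROPS in names or JNDI_CLASS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            version = next((p[8:].strip() for p in props.splitlines() if p.startswith("version=")), "unknown")
            findings.append((label, version, JNDI_CLASS in names))
        for name in names:
            if name.lower().endswith(ARCHIVES):
                scan_archive(io.BytesIO(zf.read(name)), f"{label}!/{name}", findings)

def scan_tree(root):
    """Return sorted (archive, log4j-core version, JndiLookup present) tuples under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, fname)
                scan_archive(path, os.path.relpath(path, root), findings)
    return sorted(findings)

def build_demo_tree(root):
    """Constructed sample: the article's jar (empty stand-in) plus a hypothetical app.war."""
    shim = os.path.join(root, "log4j-jboss-logmanager-1.2.0.Final-redhat-00001.jar")
    with zipfile.ZipFile(shim, "w") as z:
        z.writestr("placeholder.txt", b"")  # constructed content, not the real jar
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM_PROPS, "version=2.14.1\n")  # constructed sample version
        z.writestr(JNDI_CLASS, b"")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        print(*scan_tree(demo), sep="\n")
```

On a real system, call `scan_tree` with the jboss-eap-7.4 directory and the application deployment directories; an empty result means no log4j-core archive was found under that root.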

 

Resolution

The package log4j-jboss-logmanager-1.2.0.Final-redhat-00001.jar is part of the EAP 7.4 bundle from Red Hat. Please contact Red Hat support for a patch.