PIM 12.9.x Log4j-2 CVE-2021-44228/CVE-2021-45046 Vulnerability and mitigation

Article ID: 230668

Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Based on the recent Log4j 2 vulnerabilities CVE-2021-44228/CVE-2021-45046, and additionally CVE-2021-44224/CVE-2021-44790, documented at https://logging.apache.org/log4j/2.x/security.html, Privileged Identity Manager 12.9 is possibly vulnerable. The steps to mitigate the issues are documented below.

Note: the Endpoint software is not affected. 

Environment

PIM management servers, 12.9

Resolution

Locate and download the latest updated jar files from Apache to replace the vulnerable version. The screenshots below were taken in 2021, but the newest version is log4j-XXX-2.22.1.jar as of February 2024.

https://logging.apache.org/log4j/2.x/download.html

Unzip the downloaded file to get the two needed files.

Symantec Privileged Identity Manager 12.9.x customers can mitigate CVE-2021-44228 using the following steps:

You can download the PIM 12.9 patch here

Once you download the patch file, extract “EventForwarder-0.1-SNAPSHOT.jar” to a temporary location and follow the instructions below.

Enterprise Management Server or Load Balance Enterprise Management Server

We have vulnerable jars in the following locations:

<USER_INSTALL_DIRECTORY>/Services/lib

Note: <USER_INSTALL_DIRECTORY> refers to the Privileged Identity Manager installation location

Example:

Windows: C:\Program Files\CA\AccessControlServer

Linux: /opt/CA/AccessControlServer

Mitigation:

  1. Stop the Event Forwarder and Proxy Manager Services.
  2. Remove the existing log4j-core-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  3. Remove the existing log4j-api-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  4. Copy the new log4j-api-2.xx.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  5. Copy the new log4j-core-2.xx.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  6. Back up the existing EventForwarder-0.1-SNAPSHOT.jar from <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib to a temporary location.
  7. Copy the updated EventForwarder-0.1-SNAPSHOT.jar to <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib
  8. Start the Event Forwarder and Proxy Manager Services.

Distribution Server

We have vulnerable jars in the following locations:

<USER_INSTALL_DIRECTORY>/Services/lib

Note: <USER_INSTALL_DIRECTORY> refers to the Privileged Identity Manager installation location. 

Example:

Windows: C:\Program Files\CA\AccessControlDistServer

Linux: /opt/CA/AccessControlDistServer

Mitigation:

  1. Stop the Event Forwarder Service.
  2. Remove the existing log4j-core-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  3. Remove the existing log4j-api-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  4. Copy the new log4j-core-2.xx.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  5. Copy the new log4j-api-2.xx.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  6. Back up the existing EventForwarder-0.1-SNAPSHOT.jar from <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib to a temporary location.
  7. Copy the updated EventForwarder-0.1-SNAPSHOT.jar to <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib
  8. Start the Event Forwarder Service.
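
A check that can be run on a Linux server after either procedure above (Enterprise Management Server or Distribution Server) to confirm that no old Log4j jars remain in Services/lib. This is an added example, not Broadcom's code: the function names are hypothetical, the jar naming pattern is taken from the steps above, and the default minimum version is the 2.22.1 release the article names.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes jars are named
# log4j-{api,core}-<version>.jar as in the mitigation steps.

# Succeeds when version $1 is older than minimum $2. Pre-releases such as
# 2.0-rc1 are compared on their numeric part and never equal a final release.
version_older() {
    base=${1%%-*}                          # "2.0-rc1" -> "2.0"
    if [ "$base" = "$2" ]; then
        [ "$1" != "$base" ]                # pre-release of the minimum is older
        return
    fi
    # sort -V compares numerically per field, so 2.9.1 sorts before 2.22.1
    lowest=$(printf '%s\n%s\n' "$base" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$base" ]
}

# check_log4j_jars <USER_INSTALL_DIRECTORY> [MIN_VERSION]
# Prints one line per jar in Services/lib. Returns 0 only when both log4j-api
# and log4j-core are present and none of them is older than MIN_VERSION.
check_log4j_jars() {
    lib="$1/Services/lib"
    min=${2:-2.22.1}                       # assumption: release named in the article
    status=0
    for name in api core; do
        found=0
        for jar in "$lib"/log4j-"$name"-*.jar; do
            [ -e "$jar" ] || continue      # glob matched nothing
            found=1
            file=${jar##*/}
            ver=${file#log4j-"$name"-}
            ver=${ver%.jar}
            if version_older "$ver" "$min"; then
                echo "OLD     $jar ($ver is older than $min)"
                status=1
            else
                echo "OK      $jar ($ver)"
            fi
        done
        if [ "$found" -eq 0 ]; then
            echo "MISSING log4j-$name jar in $lib"
            status=1
        fi
    done
    return "$status"
}
```

Run it as `check_log4j_jars /opt/CA/AccessControlServer` (or the Distribution Server path) before starting the services again; a non-zero return means a step was missed.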