PIM 14.0 Log4j-2 CVE-2021-44228 /CVE-2021-45046 Vulnerability and mitigation

Article ID: 230670

Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Privileged Identity Manager 14.0 is possibly vulnerable to the recent Log4j 2 vulnerabilities CVE-2021-44228 / CVE-2021-45046, and additionally CVE-2021-44224 / CVE-2021-44790, documented here: https://logging.apache.org/log4j/2.x/security.html. The steps to mitigate the issues are documented below.

Note: the Endpoint software is not affected. 

Environment

PIM Enterprise Management servers, 14.0

Resolution

Locate and download the latest updated jar files from Apache to replace the vulnerable version. The screenshots below were taken in 2021, but the newest version is log4j-XXX-2.22.1.jar as of February 2024.

https://logging.apache.org/log4j/2.x/download.html

Unzip the downloaded file to get the 2 needed files.

 

You can download the PIM 14.0  patch here

Remember to log in to download the patch.

Once you download the patch file, please extract the “EventForwarder-0.1-SNAPSHOT.jar” to a temporary location and follow the instructions below

Note: If you are using the NIM functionality with Privileged Identity Manager, please raise a support ticket.

Enterprise Management Server or Load Balance Enterprise Management Server

We have vulnerable jars in the following locations:

     <USER_INSTALL_DIRECTORY>/Services/lib

    <USER_INSTALL_DIRECTORY>/apache-tomcat-7.0.72/webapps/ca-nim-sm/WEB-INF/lib

 Note:  <USER_INSTALL_DIRECTORY> refers to the Privileged Identity Manager installation location

Example:

Windows: C:\Program Files\CA\AccessControlServer

Linux: /opt/CA/AccessControlServer

Mitigation:

  1. Stop Event Forwarder and Proxy Manager Services.
  2. Remove the existing log4j-core-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  3. Remove the existing log4j-api-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  4. Copy the new log4j-core-2.xx.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  5. Copy the new log4j-api-2.xx.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  6. Back up the existing EventForwarder-0.1-SNAPSHOT.jar from <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib to a temporary location.
  7. Copy the updated EventForwarder-0.1-SNAPSHOT.jar to <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib
  8. Start the Event Forwarder and Proxy Manager Services.
  9. Stop the Apache Tomcat Service.
  10. Navigate to <USER_INSTALL_DIRECTORY>/apache-tomcat-7.0.72/webapps
  11. Delete ca-nim-sm folder.
  12. Delete ca-nim-sm.war file.
  13. Start the Apache Tomcat Service  

Distribution Server

We have vulnerable jars in the following locations:

     <USER_INSTALL_DIRECTORY>/Services/lib

 Note:  <USER_INSTALL_DIRECTORY> refers to the Privileged Identity Manager installation location

Example:

Windows: C:\Program Files\CA\AccessControlDistServer

Linux: /opt/CA/AccessControlDistServer

Mitigation:

  1. Stop Event Forwarder Service.
  2. Remove the existing log4j-core-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  3. Remove the existing log4j-api-2.0-rc1.jar file from <USER_INSTALL_DIRECTORY>/Services/lib
  4. Copy the new log4j-core-2.xx.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  5. Copy the new log4j-api-2.xx.0.jar to <USER_INSTALL_DIRECTORY>/Services/lib
  6. Back up the existing EventForwarder-0.1-SNAPSHOT.jar from <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib to a temporary location.
  7. Copy the updated EventForwarder-0.1-SNAPSHOT.jar to <USER_INSTALL_DIRECTORY>/Services/EventForwarder/lib
  8. Start the Event Forwarder Service
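
A post-change check for the two mitigation procedures above (Enterprise Management Server and Distribution Server), added here as an example and not part of the vendor's article or patch. The function name `check_pim_log4j` and its `ems`/`dist` role argument are assumptions made for illustration; the check targets the Linux layout and inspects file names only.

```shell
#!/bin/sh
# Added example (hypothetical helper, not vendor code).
# Usage: check_pim_log4j <USER_INSTALL_DIRECTORY> <ems|dist>
#   e.g. check_pim_log4j /opt/CA/AccessControlServer ems
# Prints one line per finding; returns 0 when nothing is left to fix.
check_pim_log4j() {
    dir=$1 role=$2 rc=0
    lib="$dir/Services/lib"

    # Steps 2-3: the old 2.0-rc1 jars must be gone from Services/lib.
    for old in log4j-core-2.0-rc1.jar log4j-api-2.0-rc1.jar; do
        if [ -e "$lib/$old" ]; then
            echo "FAIL: $lib/$old still present"; rc=1
        fi
    done

    # Steps 4-5: a replacement core jar and api jar must be present.
    for kind in core api; do
        found=0
        for jar in "$lib"/log4j-"$kind"-*.jar; do
            [ -e "$jar" ] || continue          # glob matched nothing
            case ${jar##*/} in
                *-2.0-rc1.jar) ;;              # old jar, reported above
                *) found=1; echo "OK: replacement ${jar##*/}" ;;
            esac
        done
        [ "$found" -eq 1 ] || { echo "FAIL: no new log4j-$kind jar in $lib"; rc=1; }
    done

    # Steps 10-12 (Enterprise Management Server only): ca-nim-sm removed.
    if [ "$role" = ems ]; then
        webapps="$dir/apache-tomcat-7.0.72/webapps"
        for item in ca-nim-sm ca-nim-sm.war; do
            if [ -e "$webapps/$item" ]; then
                echo "FAIL: $webapps/$item still present"; rc=1
            fi
        done
    fi
    return $rc
}
```

Run it after restarting the services; any `FAIL` line names the step that still needs attention.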