CVE-2021-45046 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, And Workload Automation iXP
search cancel

CVE-2021-45046 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, And Workload Automation iXP

book

Article ID: 230677

calendar_today

Updated On:

Products

CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation iXP

Issue/Introduction

Are any of the components of Autosys Workload Automation affected by the log4j vulnerability that was announced recently - CVE-2021-45046

Environment

All GA Versions of...


AutoSys Workload Automation (11.3.5, 11.3.6.x, 12.0, 12.0.1)

Workload Control Center (WCC) (11.3.5, 11.3.6, 11.4.x, 12.0, 12.0.1)

Workload Automation Agents (11.3.x, 11.4.x, 11.5,12.0)

Workload Automation iXP (11.3.x, 11.4)

EEM (12.5.1, 12.6.x)

Resolution

Broadcom Engineering has confirmed that all GA versions of the following AutoSys components and related products are not affected by this vulnerability...

AutoSys Workload Automation - Scheduler, Application Server, Client, WebUI(WCC), AEWS (AutoSys Web Server), SOAP Web Server, Common Services (Csam, CCI, etc.)
Embedded Entitlements Manager (EEM)
Workload Automation System Agent and Plugins
Workload Automation iXP

These products are distributed with log4j 1.x, which is not impacted by this vulnerability.

Reference: https://logging.apache.org/log4j/2.x/security.html

Additional Information

See Also...

CVE-2021-44228 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, and Workload Automation iXP
https://knowledge.broadcom.com/external/article?articleId=230309

CVE-2021-4104 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, And Workload Automation iXP
https://knowledge.broadcom.com/external/article?articleId=230680