Are any of the components of Autosys Workload Automation affected by the log4j vulnerability that was announced recently - CVE-2021-45046
All GA Versions of...
AutoSys Workload Automation (11.3.5, 11.3.6.x, 12.0, 12.0.1)
Workload Control Center (WCC) (11.3.5, 11.3.6, 11.4.x, 12.0, 12.0.1)
Workload Automation Agents (11.3.x, 11.4.x, 11.5,12.0)
Workload Automation iXP (11.3.x, 11.4)
EEM (12.5.1, 12.6.x)
Broadcom Engineering has confirmed that all GA versions of the following AutoSys components and related products are not affected by this vulnerability...
AutoSys Workload Automation - Scheduler, Application Server, Client, WebUI(WCC), AEWS (AutoSys Web Server), SOAP Web Server, Common Services (Csam, CCI, etc.)
Embedded Entitlements Manager (EEM)
Workload Automation System Agent and Plugins
Workload Automation iXP
These products are distributed with log4j 1.x, which is not impacted by this vulnerability.
Reference: https://logging.apache.org/log4j/2.x/security.html
See Also...
CVE-2021-44228 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, and Workload Automation iXP
https://knowledge.broadcom.com/external/article?articleId=230309
CVE-2021-4104 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, And Workload Automation iXP
https://knowledge.broadcom.com/external/article?articleId=230680