Are any of the components of Autosys Workload Automation affected by the log4j vulnerability that was announced recently - CVE-2021-4104?
All GA Versions of...
AutoSys Workload Automation (11.3.5, 11.3.6.x, 12.0, 12.0.1)
Workload Control Center (WCC) (11.3.5, 11.3.6, 11.4.x, 12.0, 12.0.1)
Workload Automation Agents (11.3.x, 11.4.x, 11.5,12.0)
Workload Automation iXP (11.3.x, 11.4)
Broadcom Engineering has confirmed that all GA versions of the following AutoSys components and related products are not affected by this vulnerability...
AutoSys Workload Automation - Scheduler, Application Server, Client, WebUI(WCC), AEWS (AutoSys Web Server), SOAP Web Server, Common Services (Csam, CCI, etc.)
Embedded Entitlements Manager (EEM)
Workload Automation System Agent and Plugins
Workload Automation iXP
The current GA versions of AutoSys are distributed with log4j 1.2.x (without JMSAppender enabled). Log4j 1.x configurations without JMSAppender are not impacted by this vulnerability.
References:
See Also...
CVE-2021-44228 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, and Workload Automation iXP
https://knowledge.broadcom.com/external/article?articleId=230309
CVE-2021-45046 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, And Workload Automation iXP
https://knowledge.broadcom.com/external/article?articleId=230677