CVE-2021-4104 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, And Workload Automation iXP

search cancel

CVE-2021-4104 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, And Workload Automation iXP

book

Article ID: 230680

calendar_today

Updated On:

Products

CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation iXP

Issue/Introduction

Impact of CVE-2021-4104 on Autosys Workload Automation

Environment

AutoSys Workload Automation / WCC (WebUI)

Workload Automation Agents

Workload Automation iXP

Resolution

Broadcom Engineering has confirmed that all GA versions of the following AutoSys components and related products are not affected by this vulnerability...

AutoSys Workload Automation - Scheduler, Application Server, Client, WebUI(WCC), AEWS (AutoSys Web Server), SOAP Web Server, Common Services (Csam, CCI, etc.)
Embedded Entitlements Manager (EEM)
Workload Automation System Agent and Plugins
Workload Automation iXP

It is also recommended to upgrade to latest GA version of the above products / apply latest maintenance. The current GA versions of AutoSys are distributed with log4j 1.2.x (without JMSAppender enabled). Log4j 1.x configurations without JMSAppender are not impacted by this vulnerability.

References:

Security

CVE-2021-4104

Additional Information

CVE-2021-45046 - log4j Vulnerability and AutoSys Workload Automation, Workload Automation Agents, And Workload Automation iXP

Feedback

thumb_up Yes

thumb_down No