CVE-2021-45105: Automic Automation and log4j vulnerability
search cancel

CVE-2021-45105: Automic Automation and log4j vulnerability

book

Article ID: 230967

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

This newly reported vulnerability does not apply to any Automic components.
All components released last week and today already contain log4j version 2.16 which has the log4j2.enableJndi set to FALSE.

Automic also does not utilize the context lookups as described on the Apache page.

Environment

Release : 12.3

Component : AUTOMATION ENGINE

Resolution

The mitigation steps from KB 230308 still apply.

Additional Information

Broadcom plans delivering new versions of the different components containing log4j 2.16 with an updated version of log4j in the weeks to come.