Is ESP dSeries Workload Automation DE affected by the log4j vulnerability - CVE-2022-23305?
Release : 12.1, 12.2, 12.3
Component : ESP dSeries Workload Automation DE
Broadcom Engineering has confirmed that these GA versions of ESP dSeries Workload Automation DE are not affected by this vulnerability.
The current GA versions of ESP dSeries Workload Automation DE are distributed with log4j 1.2.x (without JDBCAppender enabled). Log4j 1.x configurations without JDBCAppender are not impacted by this vulnerability. To mitigate: audit your logging configuration to ensure it has no JDBCAppender configured. Log4j 1.x configurations without JDBCAppender are not impacted by this vulnerability.
ESP dSeries Workload Automation DE will be providing updated log4j 2.x libraries in a future release.