Apache Log4j 2.0 Vulnerability (CVE-2021-44832) reported for Veritas InfoScale

Article ID: 100070526

Description

Error Message

There are no error messages.

The vulnerability scanner flags the path C:\Program Files\Veritas\VRTSsfmh\lib\jars\vmf\ for CVE-2021-44832.

 

Cause

The scanner finding indicates that a vulnerable Log4j library is present in the specified directory. CVE-2021-44832 identifies a specific security vulnerability in the Log4j 2.0 library that attackers could exploit to execute arbitrary code or cause a denial of service.

 

Resolution

A hotfix is now available for this issue in the current version(s) of the product(s) mentioned. Refer to the Hotfix link under Related Articles to obtain the hotfix needed to resolve the issue.

Alternatively, remove the directory containing the vulnerable Log4j library by navigating to C:\Program Files\Veritas\VRTSsfmh\lib\jars\ and deleting the vmf directory.

NOTE: If the impacted server is configured as a Managed Host (MH) for Veritas InfoScale Operations Manager (VIOM), it will continue to function as expected when either the hotfix or the workaround is performed.
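To confirm the scanner finding before the change and verify the result afterwards, the following read-only PowerShell check inventories Log4j JARs under the flagged path. It is an added example, not Veritas code; the function name `Get-Log4jJarInfo` is hypothetical, and it assumes the JARs are named `log4j*.jar` and carry an `Implementation-Version` line in their manifest.

```powershell
# Added example (not from Veritas): read-only inventory of Log4j JARs
# under the directory the scanner flagged for CVE-2021-44832.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-Log4jJarInfo {
    param(
        # Path taken from the article; override if the product is installed elsewhere.
        [string]$Root = 'C:\Program Files\Veritas\VRTSsfmh\lib\jars\vmf'
    )

    # Directory already removed (workaround applied): nothing to report.
    if (-not (Test-Path -LiteralPath $Root)) { return }

    # Assumption: Log4j JARs follow the usual log4j*.jar naming.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter 'log4j*.jar' | ForEach-Object {
        $version = 'unknown'
        $zip = $null
        try {
            # A JAR is a ZIP archive; the version is read from its manifest.
            $zip = [System.IO.Compression.ZipFile]::OpenRead($_.FullName)
            $entry = $zip.GetEntry('META-INF/MANIFEST.MF')
            if ($entry) {
                $reader = New-Object System.IO.StreamReader($entry.Open())
                try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
                # Assumption: the manifest carries an Implementation-Version line.
                if ($text -match '(?m)^Implementation-Version:\s*(\S+)') {
                    $version = $Matches[1]
                }
            }
        } catch {
            $version = "unreadable: $($_.Exception.Message)"
        } finally {
            if ($zip) { $zip.Dispose() }
        }

        [pscustomobject]@{
            Path    = $_.FullName
            Version = $version
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

$found = @(Get-Log4jJarInfo)
if ($found.Count -eq 0) {
    'No log4j*.jar files found under the flagged path.'
} else {
    $found | Format-List
}
```

After the workaround the result should be empty. If JARs are still listed after the hotfix, compare the reported version with the fixed releases in the Apache advisory for CVE-2021-44832.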

 

 

Issue/Introduction

For Veritas InfoScale on a Windows platform, a vulnerability (CVE-2021-44832) for Apache Log4j 2.0 has been reported.

Additional Information

SW Download: UPD329228