Related Tips & Info

Support Tip: CVE-2021-44228 & CVE-2021-45046 log4j vulnerability for Micro Focus classic CMS

JRoth
0 Likes

A potential vulnerability has been identified in the Apache log4j library used by Micro Focus classic Universal CMDB and Universal Discovery Probe.

The vulnerabilities could be exploited to allow remote code execution.
CVE References: CVE-2021-44228, CVE-2021-45046

SUPPORTED SOFTWARE VERSIONS (ONLY impacted versions are listed):
Micro Focus Universal CMDB and Universal Discovery Probe – versions
2021.11, 2021.05, 2020.11, 2020.08, 2020.05, 2020.02, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11.0

Note: in all versions, CMS UI (UCMDB Browser), UD Agent, Scanner, SSA, CMS Gateway and Local Client components do not use a version of log4j that has these vulnerabilities, or do not use log4j, so no remediation action needed for these components.

Read the full support tip here.


Jessica Roth
Micro Focus Community Manager
If this answered your question, please mark it as "Suggest as Answer" or "Verify as Answer".
If you found this post useful, please give it a "Like".

Labels:

Support Tip
Comment List
Anonymous
Related Discussions
Recommended

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.