AutoSys Workload Automation

 View Only
  • 1.  log4j-1.2.16.jar vulnerability in Autosys

    Posted Jun 01, 2022 02:35 AM
    Hi,

    We are using Workload Autosys AE version 11.3.6 and after checking the log4j library , we found the below path.

    /opt/CA/WorkloadAutomationAE/autosys/lib/log4j-1.2.16.jar

    So here, do we need to take any action for the log4j vulnerability ?

    Thanks,
    Subrat


  • 2.  RE: log4j-1.2.16.jar vulnerability in Autosys

    Posted Jun 02, 2022 11:51 AM
    Hi,

    I don't have an answer but have a similar concern.

    We've seen log4j throughout all of the different AutoSys components including the AutoSys Upgrade Assistant.

    I second the request for information/action.

    Thanks,
    Scott


  • 3.  RE: log4j-1.2.16.jar vulnerability in Autosys

    Posted Jun 02, 2022 02:57 PM
    Log4j fix was made available for r12SP1
    https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99111357&os=MULTI-PLATFORM

    As for 11.3.6 SPx, you'll need to remove the vulnerable classes in the log4j-1.2.16.jar file (and various other jar files under WCC, EEM, Agent, etc) by hand. If you open a case with CA Support, they may provide you with a basic shell script that does the work. We have had to use a home-grown python tool to do the same.


  • 4.  RE: log4j-1.2.16.jar vulnerability in Autosys

    Posted Jun 03, 2022 01:47 AM
    Thanks Chandra for the details shared.
    Would you please let us  know if we can delete the log4j jars manually in 11.3.6 SPx ? If yes which are the paths and file to change ?


    Thanks,
    Subrat



  • 5.  RE: log4j-1.2.16.jar vulnerability in Autosys

    Posted Jun 03, 2022 03:34 AM
    Okay to remove log4j-1.2.16.jar on Autosys Client/Agent hosts.
    NOT okay to remove on hosts with Autosys Java SDK.
    Not OK to remove on AE Web services.
    Not OK to remove on WCC servers.
    Not OK to remove on EEM servers, if you have any.



  • 6.  RE: log4j-1.2.16.jar vulnerability in Autosys

    Posted Jun 09, 2022 08:33 AM
    Thanks much Chandra. We are removing log4j-1.2.16.jar from all our Client/Agent hosts.

    Here are the Autosys  services are running in our master instance autosys servers. What is the process here to deal with log4j (or) only way is to raise a case with CA ?

    CA Services Status Report

    Component Name Pid Status
    ------------------------------------ ------- --------------
    WAAE Application Server (EQA) 18328 running
    WAAE Scheduler (EQA) 18592 running
    WAAE Agent (WA_AGENT) 17570 running
    CA-wcc-services Server 6210 running
    CA-diadna Server 16092 running
    CA-CCI Server 16224 running
    CA-CCI Remote Server 16278 running
    CA-CCI Clean Up 16225 running
    CA-CCI Legacy Proxy 16226 running
    CA-WV Status Server 16962 running
    CA-wcc-db Server 7673 running
    CA-wcc Server 7713 running


  • 7.  RE: log4j-1.2.16.jar vulnerability in Autosys

    Posted Jun 09, 2022 08:33 AM
    Thanks much Chandra. We are removing the log4j-1.2.16.jar from all our Agent/Client hosts. But need your suggestion for the Master Autosys servers wherein we have Event Server present.

    Here are the services running in the master Autosys servers, Is there any specific process to deal with log4j in the master servers or only way is to raise a case with CA support ? Please suggest.


    CA Services Status Report

    Component Name Pid Status
    ------------------------------------ ------- --------------
    WAAE Application Server (EQA) 18328 running
    WAAE Scheduler (EQA) 18592 running
    WAAE Agent (WA_AGENT) 17570 running
    CA-wcc-services Server 6210 running
    CA-diadna Server 16092 running
    CA-CCI Server 16224 running
    CA-CCI Remote Server 16278 running
    CA-CCI Clean Up 16225 running
    CA-CCI Legacy Proxy 16226 running
    CA-WV Status Server 16962 running
    CA-wcc-db Server 7673 running
    CA-wcc Server 7713 running
     



  • 8.  RE: log4j-1.2.16.jar vulnerability in Autosys

    Posted Jun 09, 2022 08:33 AM
    Thanks CHandra for the details. We are removing the jar file from all Client/Agent hosts. But need your suggestion to deal with Event Server hosts wherein below services are running.

    Is there any specific process is there to deal with log4j in the master autosys(event server) hosts or only way is to raise a case with CA support ? Please suggest.

    CA Services Status Report

    Component Name Pid Status
    ------------------------------------ ------- --------------
    WAAE Application Server (EQA) 18328 running
    WAAE Scheduler (EQA) 18592 running
    WAAE Agent (WA_AGENT) 17570 running
    CA-wcc-services Server 6210 running
    CA-diadna Server 16092 running
    CA-CCI Server 16224 running
    CA-CCI Remote Server 16278 running
    CA-CCI Clean Up 16225 running
    CA-CCI Legacy Proxy 16226 running
    CA-WV Status Server 16962 running
    CA-wcc-db Server 7673 running
    CA-wcc Server 7713 running


  • 9.  RE: log4j-1.2.16.jar vulnerability in Autosys

    Broadcom Employee
    Posted Aug 09, 2022 09:22 PM
    Hi,

    Recently published patches that include log4j updates:

    Regards,
    Mike