There is a known security vulnerability affecting logback:
CVE-2021-42550
- https://cve.report/CVE-2021-42550
- https://logback.qos.ch/news.html
The following files are currently present on the hub of UIM 20.3.3 on Windows Server:
c:\Program Files (x86)\Nimsoft\probes\service\automated_deployment_engine\lib\logback-classic-1.1.1.jar
c:\Program Files (x86)\Nimsoft\probes\service\automated_deployment_engine\lib\logback-core-1.1.1.jar
c:\Program Files (x86)\Nimsoft\probes\service\udm_manager\archivedFiles\2020-12-05 13-10-26\bin\logback.xml
c:\Program Files (x86)\Nimsoft\probes\service\udm_manager\bin\logback.xml
c:\Program Files (x86)\Nimsoft\probes\service\udm_manager\lib\logback-classic-1.0.13.jar
c:\Program Files (x86)\Nimsoft\probes\service\udm_manager\lib\logback-core-1.0.13.jar
Are the above files affected by the security vulnerability (CVE-2021-42550)?
Release : 20.3
Component : UNIFIED INFRASTRUCTURE MGMT
The vulnerability is rated medium in Black Duck, which is fine. Also, in 20.4 we do not have the logback vulnerability reported above.