Check the impact of "Remote Code Execution Vulnerability in Logback (CVE-2021-42550)"

Article ID: 231847

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

There is a known security vulnerability in logback.

CVE-2021-42550
 - https://cve.report/CVE-2021-42550
 - https://logback.qos.ch/news.html

Currently, the following files are found on the hub of UIM 20.3.3 on Windows Server.

c:\Program Files (x86)\Nimsoft\probes\service\automated_deployment_engine\lib\logback-classic-1.1.1.jar
c:\Program Files (x86)\Nimsoft\probes\service\automated_deployment_engine\lib\logback-core-1.1.1.jar
c:\Program Files (x86)\Nimsoft\probes\service\udm_manager\archivedFiles\2020-12-05 13-10-26\bin\logback.xml
c:\Program Files (x86)\Nimsoft\probes\service\udm_manager\bin\logback.xml
c:\Program Files (x86)\Nimsoft\probes\service\udm_manager\lib\logback-classic-1.0.13.jar
c:\Program Files (x86)\Nimsoft\probes\service\udm_manager\lib\logback-core-1.0.13.jar

Are the above files affected by the security vulnerability (CVE-2021-42550)?

 

Environment

Release : 20.3

Component : UNIFIED INFRASTRUCTURE MGMT

Resolution

The vulnerability is rated medium in Black Duck, which is fine. Also, in 20.4, we do not have the logback vulnerability reported above.
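To repeat the file check from the Issue section on another hub or after an upgrade, the following added example (not part of the original article and not vendor tooling) walks an install root, lists every logback jar and `logback.xml`, and flags jars below a fixed version that you supply from the logback release notes linked above. It assumes the jars carry the usual Maven `pom.properties` metadata and falls back to the file name when they do not; the function names are hypothetical.

```python
# Added example (not vendor code): inventory Logback jars and logback.xml files.
import re
import sys
import zipfile
from pathlib import Path

JAR_RE = re.compile(r"^logback-(classic|core|access)-(\d+(?:\.\d+)*)(?:-[\w.-]+)?\.jar$", re.I)
POM_VERSION_RE = re.compile(r"^version=(\d\S*)", re.M)
POM_PREFIX = "META-INF/maven/ch.qos.logback/"  # assumption: Maven metadata packed into the jar


def parse_version(text):
    """'1.0.13' -> (1, 0, 13, 0); qualifiers such as '-alpha11' are ignored."""
    nums = [int(p) for p in re.match(r"\d+(?:\.\d+)*", text).group().split(".")]
    return tuple(nums + [0] * (4 - len(nums)))


def embedded_version(jar_path):
    """Version recorded in the jar's pom.properties, or None if it cannot be read."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            for name in jar.namelist():
                if name.startswith(POM_PREFIX) and name.endswith("pom.properties"):
                    found = POM_VERSION_RE.search(jar.read(name).decode("utf-8", "replace"))
                    return found.group(1) if found else None
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable or non-jar file: caller falls back to the file name
    return None


def inventory(root, fixed_version):
    """Return (jars, configs) found under root; fixed_version is supplied by the caller."""
    fixed = parse_version(fixed_version)
    jars, configs = [], []
    for path in sorted(Path(root).rglob("*")):
        match = JAR_RE.match(path.name)
        if match and path.is_file():
            # Prefer the embedded version: a renamed jar keeps its real version inside.
            version = embedded_version(path) or match.group(2)
            jars.append({"path": str(path), "module": match.group(1).lower(),
                         "version": version, "below_fixed": parse_version(version) < fixed})
        elif path.name.lower() == "logback.xml" and path.is_file():
            configs.append(str(path))
    return jars, configs


if __name__ == "__main__":  # usage: script.py <install root> <fixed version from release notes>
    found_jars, found_configs = inventory(sys.argv[1], sys.argv[2])
    for jar in found_jars:
        print("REVIEW" if jar["below_fixed"] else "ok    ", jar["version"], jar["path"])
    for cfg in found_configs:
        print("config", cfg)
```

Archived copies, such as the `archivedFiles` directory in the listing above, are reported as well, since the walk is recursive.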