Apache log4j vulnerability on REPLACED folders
search cancel

Apache log4j vulnerability on REPLACED folders


Article ID: 231849


Updated On:


CA Service Management - Service Desk Manager


While testing for vulnerable versions of the Apache log4j libraries, some are found in the REPLACED folder, even after patching for the vulnerability.

Additionally, vulnerable files may be found in the temp folder 


Release : 17.3 and higher

Component :


Files in the REPLACED folder structure are merely backups of those replaced during the patch install.

They're not in the executable library path, so shouldn't cause a problem. However, if you wish to zip up / backup / delete them to stop the scanner setting an alarm of, you're welcome to do so.

Files in the temp folder are leftover from installation and can be deleted without issue