Verifying Log4j version that is not vulnerable OM Web Viewer 12.1
Article ID: 236769
Updated On:
Products
Issue/Introduction
I am installing a new build and want to know how I verify any possible vulnerability after the install or what file to check on the server.
How to verify that the invulnerable log4j was installed?
Environment
Output Management Web Viewer 12.1
Resolution
Log into the application and click the "About" link in the lower right corner and if it says you're at Build 221 or later, then you have the later, invulnerable version of log4j.
The other way to check is, to navigate to where Web Viewer is installed and list the contents of the C:\Program Files\CA\CA_OM_Web_Viewer\apache-tomcat-9.0.54\webapps\CAOMWebViewer12\WEB-INF\lib folder (or similar if on other than a Windows Server), and look for files with names like log4j-*-2.17.1.jar. 2.17 is the version of the invulnerable log4j.
Feedback
