Verifying Log4j version/vulnerability - 12.1 Web Viewer
Article ID: 236769
Updated On:
Products
Issue/Introduction
I am installing Build 221 this Saturday and wanted to know how I verify any possible vulnerability after the install or what file to check on the server.
How to verify that the invulnerable log4j was installed?
Environment
Release : 12.1
Component : OUTPUT MANAGEMENT WEB VIEWER FOR ALL PLATFORMS
Resolution
Log into the application and click the "About" link in the lower right corner and if it says you're at Build 221, then you have the later, invulnerable version of log4j.
The other way to check is, to navigate to where Web Viewer is installed and list the contents of the C:\Program Files\CA\CA_OM_Web_Viewer\apache-tomcat-9.0.54\webapps\CAOMWebViewer12\WEB-INF\lib folder (or similar if on other than a Windows Server), and look for files with names like log4j-*-2.17.1.jar. 2.17 is the version of the invulnerable log4j.
Feedback
