ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Verifying Log4j version/vulnerability - 12.1 Web Viewer

book

Article ID: 236769

calendar_today

Updated On:

Products

Output Management Web Viewer

Issue/Introduction

I am installing Build 221 this Saturday and wanted to know how I verify any possible vulnerability after the install or what file to check on the server.

How to verify that the invulnerable log4j was installed?

Environment

Release : 12.1

Component : OUTPUT MANAGEMENT WEB VIEWER FOR ALL PLATFORMS

Resolution

Log into the application and click the "About" link in the lower right corner and if it says you're at Build 221, then you have the later, invulnerable version of log4j. 

The other way to check is, to navigate to where Web Viewer is installed and list the contents of the C:\Program Files\CA\CA_OM_Web_Viewer\apache-tomcat-9.0.54\webapps\CAOMWebViewer12\WEB-INF\lib folder (or similar if on other than a Windows Server), and look for files with names like log4j-*-2.17.1.jar. 2.17 is the version of the invulnerable log4j.