Removing of items in $NXROOT/Replaced and $NXROOT/Temp directory
Article ID: 238997
Updated On:
Products
Issue/Introduction
After a security scan, we found these files show up in log4j vulnerabilities
| D:\Program Files (x86)\CA\Service Desk Manager\REPLACED\HYD-368_CUM_C.OLD\java\lib\log4j-core-2.3.jar |
| D:\Program Files (x86)\CA\Service Desk Manager\REPLACED\HYD-605_CUM_C.OLD\java\lib\log4j-core-2.12.0.jar |
| D:\Program Files (x86)\CA\Service Desk Manager\REPLACED\HYD-617_CUM_C.OLD\bopcfg\www\CATALINA_BASE\webapps\AMS\WEB-INF\lib\log4j-core-2.10.0.jar |
| D:\Program Files (x86)\CA\Service Desk Manager\REPLACED\HYD-617_CUM_C.OLD\java\lib\log4j-core-2.12.0.jar |
| D:\Program Files (x86)\CA\Service Desk Manager\temp\hyd-368_cum_C\log4j-core-2.12.0.jar |
| D:\Program Files (x86)\CA\Service Desk Manager\temp\hyd-605_cum_C\log4j-core-2.12.0.jar |
can we delete them?
Environment
Release : 17.3
Component : SDM - Install/Upgrade/Configuration
Resolution
Files under REPLACED folder are for un-installation purpose so instead of deleting them, we recommend move them to a portable disk like a USB...in case you need to un-install you can drop them back from portable disk.
For files in SDM temp folder, they are left over from installation and you can delete them.
Additional Information
If any of the files from the security scan are found outside of the <NXROOT>\Temp or <NXROOT>\REPLACED folders, compare with a clean installation of the new version of SDM. If those files are not found in a clean installation, they are left-overs from the previous version and can safely be deleted.
Feedback
