After a security scan, we found these files show up in log4j vulnerabilities
D:\Program Files (x86)\CA\Service Desk Manager\REPLACED\HYD-368_CUM_C.OLD\java\lib\log4j-core-2.3.jar |
D:\Program Files (x86)\CA\Service Desk Manager\REPLACED\HYD-605_CUM_C.OLD\java\lib\log4j-core-2.12.0.jar |
D:\Program Files (x86)\CA\Service Desk Manager\REPLACED\HYD-617_CUM_C.OLD\bopcfg\www\CATALINA_BASE\webapps\AMS\WEB-INF\lib\log4j-core-2.10.0.jar |
D:\Program Files (x86)\CA\Service Desk Manager\REPLACED\HYD-617_CUM_C.OLD\java\lib\log4j-core-2.12.0.jar |
D:\Program Files (x86)\CA\Service Desk Manager\temp\hyd-368_cum_C\log4j-core-2.12.0.jar |
D:\Program Files (x86)\CA\Service Desk Manager\temp\hyd-605_cum_C\log4j-core-2.12.0.jar |
can we delete them?
Release : 17.3
Component : SDM - Install/Upgrade/Configuration
Files under REPLACED folder are for un-installation purpose so instead of deleting them, we recommend move them to a portable disk like a USB...in case you need to un-install you can drop them back from portable disk.
For files in SDM temp folder, they are left over from installation and you can delete them.
If any of the files from the security scan are found outside of the <NXROOT>\Temp or <NXROOT>\REPLACED folders, compare with a clean installation of the new version of SDM. If those files are not found in a clean installation, they are left-overs from the previous version and can safely be deleted.