search cancel

discovery_agent log4j 1.2.17

book

Article ID: 240713

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Nexus scan detect discovery_agent probe using log4j v1.2.17. They advise to upgrade to supported version. Does above version affected by zero day vulnerability?

 

Environment

Release :

Component :

Resolution

Log4j Zero day vulnerability affects only log4j 2.x:

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

So log4j 1.2.17 is not affected by that. 

We are also planning to migrate to log4j 2.x in future release. 

However discovery_agent is also updated to log4j 2.17.1 in UIM 20.4 CU3