ump_cabi - jrs-rest-java-client-6.1.5-jar-with-dependencies.jar - log4j module with version : 1.2.17


Article ID: 242049


Updated On:

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

During a recent scan we identified the following concern within the latest CABI environment:

nimsoft\probes\service\wasp\webapps\cabi\web-inf\lib\jrs-rest-java-client-6.1.5-jar-with-dependencies.jar installed version : 1.2.17

Inside jrs-rest-java-client-6.1.5-jar-with-dependencies.jar there is a log4j module with version : 1.2.17
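The following is an added example, not part of the original article or the vendor's tooling: a Python check that opens a jar-with-dependencies and reports an embedded Log4j 1.x copy, which is the kind of evidence behind a finding like the one above. It assumes the fat jar kept log4j's Maven metadata (`META-INF/maven/log4j/log4j/pom.properties`) and falls back to class presence when it did not; the function names are hypothetical and the sample jar is constructed in memory, not the real CABI jar.

```python
import io
import zipfile

# Maven metadata a shaded build normally keeps for log4j 1.x (assumption, see lead-in)
LOG4J1_POM = "META-INF/maven/log4j/log4j/pom.properties"
# Class associated with CVE-2021-4104 (JMSAppender in Log4j 1.2)
JMS_APPENDER = "org/apache/log4j/net/JMSAppender.class"


def inspect_jar(jar):
    """Report embedded log4j 1.x details for a jar path or file-like object."""
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
        version = None
        if LOG4J1_POM in names:
            text = zf.read(LOG4J1_POM).decode("utf-8", "replace")
            for line in text.splitlines():
                key, sep, value = line.partition("=")
                if sep and key.strip() == "version":
                    version = value.strip()
        # Fallback: log4j 1.x classes present even if the metadata was stripped
        has_classes = any(
            n.startswith("org/apache/log4j/") and n.endswith(".class") for n in names
        )
        return {
            "log4j1_present": has_classes or version is not None,
            "version": version,
            "jms_appender": JMS_APPENDER in names,
        }


def build_sample_jar():
    """Constructed stand-in for a fat jar; contents are illustrative only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(LOG4J1_POM, "#Generated by Maven\nversion=1.2.17\ngroupId=log4j\n")
        zf.writestr("org/apache/log4j/Logger.class", b"\xca\xfe\xba\xbe")
        zf.writestr(JMS_APPENDER, b"\xca\xfe\xba\xbe")
        zf.writestr("com/example/Client.class", b"\xca\xfe\xba\xbe")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(inspect_jar(build_sample_jar()))
```

Passing the jar path from the scan finding to `inspect_jar` shows whether the reported version comes from an embedded copy rather than a standalone log4j jar.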

Remediation

Upgrade to a version of Apache Log4j that is currently supported. Upgrading to the latest version of Apache Log4j is highly recommended, as intermediate versions and patches have known high-severity vulnerabilities, and the vendor updates its advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.

Environment

  • Release: 20.4/CU8/CU9
  • Component: UIM - CABI

Resolution

CVE-2021-4104 is resolved in UIM 20.4 CU10 and UIM 23.4