We have upgraded all PM instances to 21.2.12
Although Broadcom states that Log4J 1.x isn't vulnerable in the 21.2.12 release we still see it in these directories and files.
/opt/CA/IMDataAggregator/backup/apache-activemq/lib/optional/log4j-1.2.17.jar
/opt/CA/IMDataCollector/backup/apache-activemq/lib/optional/log4j-1.2.17.jar
This causes vulnerability issues based on our Qualys scanning.
DX NetOps Performance Management Data Aggregator still references log4j files in (default path) /opt/IMDataAggregator/backup directories.
DX NetOps Performance Management Data Collector still references log4j files in (default path) /opt/IMDataCollector/backup directories.
All supported DX NetOps Performance Management releases
The backup directory referenced contains files:
The files in the backup directory referenced are not needed nor are they used in any way for normal product operation. They can normally be deleted without impacting product operation or function.
Is the answer to these questions yes? If so the backup directory and it's contents can safely be deleted.