How to solve the vulnerability "Apache Log4j Unsupported Version Detection" in OneClick / Report manager server?

Article ID: 251797


Products

CA Infrastructure Management, CA Spectrum, DX NetOps

Issue/Introduction

A security scan flags the following file as vulnerable:

F:\Spectrum\Install-Tools\SRM-Tools\jasper\jrs-rest-java-client-6.2.0-jar-with-dependencies.jar

Environment

DX NetOps Spectrum Release: 21.2.x, 22.2.1 and 22.2.2

Cause

Vulnerability Reference:

IAVA | Information Assurance Vulnerability Alert:

  • 0001-A-0650, 2021-A-0573, 2021-A-0598

Resolution

Level 2 Sustaining is addressing this issue by updating the Java REST client. The update will replace jrs-rest-java-client-6.2.0-jar-with-dependencies.jar with a later version and address this vulnerability.

The fix will be available in an upcoming release of Spectrum. The current release at the time of writing is 22.2.2, so the fix will ship in a later version.
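To see what a scanner is reacting to in a jar-with-dependencies file, and to re-check the replacement jar after an upgrade, the following added example (not part of the original article or of any vendor tooling) lists the Log4j Maven metadata bundled inside a jar, including nested archives. It assumes the fat jar keeps the META-INF/maven/.../pom.properties entries of its dependencies; the function names and the sample jar with its version numbers are constructed for illustration.

```python
import io
import re
import zipfile

# Maven metadata entries that identify a bundled Log4j artifact.
# Log4j 1.x uses groupId "log4j"; 2.x uses "org.apache.logging.log4j".
POM_RE = re.compile(
    r"^META-INF/maven/(log4j|org\.apache\.logging\.log4j)/(log4j[\w.-]*)/pom\.properties$"
)

def find_log4j(jar, prefix=""):
    """Return [(location, artifact, version)]; jar is a path or binary file object."""
    hits = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            m = POM_RE.match(name)
            if m:
                props = zf.read(name).decode("utf-8", "replace")
                v = re.search(r"^version=(.+)$", props, re.M)
                hits.append((prefix + name, m.group(2), v.group(1).strip() if v else "unknown"))
            elif name.lower().endswith((".jar", ".war", ".ear")):
                try:  # recurse into nested archives, as scanners do
                    hits += find_log4j(io.BytesIO(zf.read(name)), prefix + name + "!/")
                except zipfile.BadZipFile:
                    pass  # entry only looks like an archive; skip it
    return hits

def is_end_of_life(version):
    """Log4j 1.x reached end of life in August 2015."""
    return version.split(".")[0] == "1"

def build_sample_jar():
    """Constructed sample: an in-memory fat jar with made-up version numbers."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties",
                   "version=2.99.0\ngroupId=org.apache.logging.log4j\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("META-INF/maven/log4j/log4j/pom.properties",
                   "#Generated by Maven\nversion=1.2.99\ngroupId=log4j\n")
        z.writestr("lib/nested.jar", inner.getvalue())
    return io.BytesIO(outer.getvalue())

if __name__ == "__main__":
    for loc, artifact, version in find_log4j(build_sample_jar()):
        status = "END OF LIFE" if is_end_of_life(version) else "check vendor support"
        print(f"{artifact} {version} [{status}] at {loc}")
```

To inspect a real file, pass its path to find_log4j() in place of the constructed sample.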