wasp vulnerability log4j-1.2.17.jar
search cancel

wasp vulnerability log4j-1.2.17.jar


Article ID: 252929


Updated On:


DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)


We have updated UIM to version 20.4 and we still detected this vulnerability on the Primary hub: 


The current wasp version is 20.44.


  • Release: 20.4
  • wasp 20.4.4


log4j 2.17.1 is not vulnerable. That is the reason we have upgraded all webapps with the log4j version 2.17.1. 

It is uncertain as to why your scan still shows the old version of log4j that is-> 1.2.17.

The log4j-1.2-api-2.17.1.jar is expected. This is a "compatibility bridge" between old (vulnerable) log4j 1.2 and new (not vulnerable) 2.17.1.

It itself is part of the 2.17.1 version and is safe/not vulnerable.

If you have this log4j1.2.17.jar on your system then this is probably a 'left over' artifact from a previous install/upgrade and it should be ok to delete.

Save a copy to your desktop or another safe place just for safekeeping then delete the log4j-1.2.17.jar under-> /opt/nimsoft/probes/service/wasp/lib/services

Additional Information

Resolution confirmed.