We have updated UIM to version 20.4 and we still detected this vulnerability on the Primary hub:
/opt/nimsoft/probes/service/wasp/lib/services/log4j-1.2.17.jar
The current wasp version is 20.44.
log4j 2.17.1 is not vulnerable. That is the reason we have upgraded all webapps with the log4j version 2.17.1.
It is unclear why your scan still shows the old log4j version, 1.2.17.
The log4j-1.2-api-2.17.1.jar is expected. This is a "compatibility bridge" between old (vulnerable) log4j 1.2 and new (not vulnerable) 2.17.1.
It itself is part of the 2.17.1 version and is safe/not vulnerable.
If you have this log4j-1.2.17.jar on your system, then it is probably a leftover artifact from a previous install/upgrade and it should be ok to delete.
Save a copy to your desktop or another safe place just for safekeeping.
Deactivate the wasp probe and wait for the port and PID to drop.
Then delete the log4j-1.2.17.jar under /opt/nimsoft/probes/service/wasp/lib/services
In every UIM GA and CU release, we upgrade third-party components to address known vulnerabilities.
As part of the UIM 23.4 GA release, all log4j* components were upgraded to version 2.20.0 to mitigate security risks.
However, if customers notice older versions, such as log4j* 1.2.7, are still present in the installation directories, these are likely stale/leftovers from previous installations that were not properly cleaned up during the upgrade process. These outdated files are no longer used and can be safely removed.
To clean up the files:
Deactivate the wasp probe
Wait for the wasp port and PID to disappear
Navigate to the physical location on the filesystem where the old/stale log4j* files reside
Delete the old log4j* 1.2.7 files manually
Activate the wasp probe
Doing this should not impact the current installation, and these old files will not reappear in future upgrades.
Broader search:
log4j-1.2*.jar
1.2.17
Check the 'old/older' file dates.
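An added example (not part of the original article or the product): a read-only shell helper for the broader search above. The pattern log4j-1.2*.jar also matches the expected log4j-1.2-api-2.17.1.jar bridge, so the helper separates the bridge from real log4j 1.2.x leftovers and lists the leftovers with their file dates. The function names and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example: report stale log4j 1.2.x jars without touching them.
# Nothing is deleted here; removal stays a manual step after wasp is deactivated.

# classify_log4j_jar PATH
# Prints "bridge" for the log4j 2.x compatibility bridge (expected, keep),
# "legacy" for a real log4j 1.2.x jar (stale leftover), "other" otherwise.
classify_log4j_jar() {
    case "$(basename "$1")" in
        log4j-1.2-api-*.jar) echo bridge ;;  # e.g. log4j-1.2-api-2.17.1.jar
        log4j-1.2*.jar)      echo legacy ;;  # e.g. log4j-1.2.17.jar
        *)                   echo other ;;
    esac
}

# find_legacy_log4j DIR
# Walks DIR with the broad pattern and prints only the legacy jars, one per line.
find_legacy_log4j() {
    find "$1" -type f -name 'log4j-1.2*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        if [ "$(classify_log4j_jar "$jar")" = legacy ]; then
            printf '%s\n' "$jar"
        fi
    done
}

# When run with a directory argument (for example the wasp folder),
# list each legacy jar with ls -l so the old file dates are visible.
if [ "$#" -gt 0 ]; then
    find_legacy_log4j "$1" | while IFS= read -r jar; do
        ls -l "$jar"
    done
fi
```

Run it against the wasp directory before and after the cleanup; an empty result after the cleanup means only the bridge jar remains under that pattern.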
The LATEST wasp packages as of CU3 are v2.20
During or after an upgrade, when the installer was trying to delete outdated files from the wasp folder, we may not have successfully deleted or replaced the files if the wasp folder or its files were open.
It's the same when you're trying to manually delete log4j files due to vulnerabilities. The wasp probe must be completely stopped first.
Resolution confirmed.