We need to delete the files listed below on our OC server due to a detected security vulnerability.
apache log4j 2.7.0.0 (["c:\\program files (x86)\\nimsoft\\probes\\service\\wasp\\webapps\\rest\\web-inf\\lib\\log4j-core-2.7.jar",
"c:\\program files (x86)\\nimsoft\\probes\\service\\wasp\\webapps\\uimapi.war",
"c:\\program files (x86)\\nimsoft\\probes\\service\\wasp\\webapps\\uimapi\\web-inf\\lib\\log4j-core-2.7.jar",
"c:\\program files (x86)\\nimsoft\\probes\\service\\wasp\\webapps\\webservices_rest.war"])
Please confirm if these can be deleted without having any impact on UIM.
From 20.3.3, you must first upgrade to 20.4, then to 20.4 CU5.
The best option for upgrading is to take advantage of our weekend upgrade program. To register for the next available weekend upgrade, please click this url: https://enterprise-software.broadcom.com/weekend-upgrade-program
As per Broadcom Development/Engineering, the log4j-core-2.7.1 jar files should not be deleted as this will cause logging and other failures. Deleting files will cause issues in the DX UIM application and the process is not certified.