Jaspersoft Neo4j vulnerability with Clarity
Article ID: 262852
Updated On:
Products
Clarity PPM On Premise
Clarity PPM SaaS
Issue/Introduction
According to the vulnerability scan, this file is vulnerable in conjunction with Log4Shell:
<Tomcat Web Apps>/WEB-INF/lib/neo4j-jdbc42-1.0.8.1009.jar
Environment
Release : Jaspersoft 8.1
Resolution
Neoj4 JDBC jar is found in Jaspersoft Installation and its not used with Integration of Clarity.
Workaround:
- Stop Jaspersoft services
- Back up the tomcat folder
- Navigate to <Tomcat Web Apps>/WEB-INF/lib/
- Remove neo4j-jdbc42-1.0.8.1009.jar
- Restart the services and perform sanity test
Additional Information
For more information, check Jaspersoft documentation
Also check: CVE-2021-44228 - log4j vulnerability and Clarity
Feedback
Yes
No
Powered by
