log4j vulnerabilites reported in ade, baseline_engine and prediction_engine
search cancel

log4j vulnerabilites reported in ade, baseline_engine and prediction_engine

book

Article ID: 273719

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

We're getting vulnerability findings on all the hubs for the following probes, for the log4j vulnerability.

  Path              : C:\Program Files (x86)\Nimsoft\probes\service\automated_deployment_engine\lib\log4j-core-2.7.jar
  Installed version : 2.7

  Path              : C:\Program Files (x86)\Nimsoft\probes\slm\baseline_engine\lib\log4j-core-2.5.jar
  Installed version : 2.5

  Path              : C:\Program Files (x86)\Nimsoft\probes\slm\prediction_engine\lib\log4j-core-2.5.jar
  Installed version : 2.5

Environment

Release: 20.4

Resolution

Deployed the following probes in the environment:

  • automated_deployment_engine 20.47
  • baseline_engine 20.45
  • prediction_engine 20.45

We set the loglevel to 5 and logsize to 100000 for all probes to test and checked the logs for any errors and there were none.

Powered by Wolken Software