UIM 20.4 CU8 and CU9 wasp listdesigner\WEB-INF\lib\log4j-1.2.17.jar Vulnerability.
search cancel

UIM 20.4 CU8 and CU9 wasp listdesigner\WEB-INF\lib\log4j-1.2.17.jar Vulnerability.

book

Article ID: 274921

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We need your kind support security team did a scan on our UIM servers and we found vulnerabilities in log4j on the below paths.

Plugin Output:   Path: C:\Program Files (x86)\Nimsoft\probes\service\wasp\webapps\listdesigner\WEB-INF\lib\log4j-1.2.17.jar

Installed version: 1.2.17

Current uim version: 20.4 and we have applied the last hotfix file 20.4.8 hotfix 8.

wasp probe version: 20.48, the Vulnerability is on the uim web console (wasp).

 

Environment

Release: 20.4

wasp: 20.48

UIM 20.4 CU8

UIM 20.4 CU9

Cause

Known issue.

Resolution

This is a known issue that is addressed and the fix is available in UIM 23.4 and 20.4 CU10.

 

Additional Information

https://knowledge.broadcom.com/external/article?articleId=252929

Powered by Wolken Software