UIM 20.4 CU8 and CU9 wasp listdesigner\WEB-INF\lib\log4j-1.2.17.jar Vulnerability.
search cancel

UIM 20.4 CU8 and CU9 wasp listdesigner\WEB-INF\lib\log4j-1.2.17.jar Vulnerability.

book

Article ID: 274921

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We need your kind support security team did a scan on our UIM servers and we found vulnerabilities in log4j on the below paths.

Plugin Output:   Path: C:\Program Files (x86)\Nimsoft\probes\service\wasp\webapps\listdesigner\WEB-INF\lib\log4j-1.2.17.jar

Installed version: 1.2.17

Current uim version: 20.4 and we have applied the last hotfix file 20.4.8 hotfix 8.

wasp probe version: 20.48, the Vulnerability is on the uim web console (wasp).

 

Environment

Release: 20.4

wasp: 20.48

UIM 20.4 CU8

UIM 20.4 CU9

Cause

Known issue.

Resolution

This is a known issue that is addressed and the fix will be available with the upcoming UIM 23.4 and 20.4 CU10.

23.4 beta will be released in November mid. GA will be in Dec end.

Additional Information

https://knowledge.broadcom.com/external/article?articleId=252929