UIM 20.4 CU8 and CU9 wasp listdesigner\WEB-INF\lib\log4j-1.2.17.jar Vulnerability.
search cancel

UIM 20.4 CU8 and CU9 wasp listdesigner\WEB-INF\lib\log4j-1.2.17.jar Vulnerability.

book

Article ID: 274921

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Security team did a scan on UIM servers and found vulnerabilities in log4j on the below paths.

Plugin Output:   Path: C:\Program Files (x86)\Nimsoft\probes\service\wasp\webapps\listdesigner\WEB-INF\lib\log4j-1.2.17.jar

Installed version: 1.2.17

 

 

Environment

Release: 20.4

wasp: 20.48

DX UIM 20.4 CU8

DX UIM 20.4 CU9

Cause

Known issue.

Resolution

This is a known issue that is addressed and the fix is available in UIM 23.4 and 20.4 CU10.