UIM: log4j vulnerabilities detected with service_host war files
search cancel

UIM: log4j vulnerabilities detected with service_host war files

book

Article ID: 280524

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Our security scanner detected log4j vulnerabilities for .war files under the service_host path below.

Are these files use by UIM 20.x or 23.x?

How can this be remediated?

 Path              : ..\Nimsoft\probes\service\service_host\toDeploy\adminconsole.war
  Installed version : 1.2.16

  Path              : ..\Nimsoft\probes\service\service_host\\toDeploy\ids_services.war
  Installed version : 1.2.16

  Path              : ..\Nimsoft\probes\service\service_host\toDeploy\monitoring_services.war
  Installed version : 1.2.14

 

Environment

Any UIM 20.x or 23.x

Resolution

The service_host probe was deprecated after UIM 8.51 and is not used in UIM 20.4+ and 23.x

The service_host probe and files can be safely deleted without impacting UIM

Powered by Wolken Software