Need assistance in upgrading probes, to remediate the log4j vulnerabilities

search cancel

Need assistance in upgrading probes, to remediate the log4j vulnerabilities

book

Article ID: 368316

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

Need assistance in remediating log4j vulnerability on the probes folders' paths - discovery_agent, cabi_external, hp_3par.

Environment

DX UIM 20.4 or higher

Cause

security vulnerabilities

Resolution

1. discovery_agent

Log4j Zero-day vulnerability affects only log4j 2.x

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

So log4j 1.2.17 is not affected by that.

However, discovery_agent is also updated to log4j 2.17.1 in UIM 20.4 CU3. In CU3 the version is 20.42.

http://support.nimsoft.com/download.aspx?ReleaseId=4800&state=GA

2. cabi_external

cabi_external is no longer supported. Uninstall it. cabi_bundled is still supported.

How to uninstall and then reinstall CABI in UIM 20.4

3. hp_3par

Use hp_3par version 1.25

Updated log4j library to 2.17.1 to remediate the vulnerabilities - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105.

Download from:
http://support.nimsoft.com/download.aspx?ReleaseId=4665&state=GA

Feedback

thumb_up Yes

thumb_down No