Log4j 2.25.3 Vulnerability for UIM core probes
search cancel

Log4j 2.25.3 Vulnerability for UIM core probes

book

Article ID: 439659

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

A Log4j 2.25.3 vulnerability was reported in CU7, with a recommendation to patch to version 2.25.4.
 
Could you please clarify which upcoming version will include the Log4j 2.25.4 patch?

Environment

Release: DX UIM 23.4.7

Cause

Core Probes: Log4j 2.25.4 was released on March 28, following the March 9 release of 23.4 CU7. Consequently, the core probes currently use Log4j 2.25.3.

Resolution

Regarding the Log4j 2.25.3 remediation for UIM core probes, this will be addressed in CU8. Other probes will be remediated as part of their standard release cycle. CU8 release is scheduled tentatively for the end of June.

Powered by Wolken Software