Log4j 2.25.3 Vulnerability for UIM core probes
search cancel

Log4j 2.25.3 Vulnerability for UIM core probes

book

Article ID: 439659

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

A Log4j 2.25.3 vulnerability was reported in CU7, with a recommendation to patch to version 2.25.4.
 
CVE Record: CVE-2026-34477
CVE Record: CVE-2026-34478
CVE Record: CVE-2026-34479
CVE Record: CVE-2026-34480
CVE Record: CVE-2026-34481
 
Could you please clarify which upcoming version will include the Log4j 2.25.4 patch?

Environment

Release: DX UIM 23.4.7

Cause

Core Probes: Log4j 2.25.4 was released on March 28, following the March 9 release of 23.4 CU7. Consequently, the core probes currently use Log4j 2.25.3.

Resolution

Regarding the Log4j 2.25.3 remediation for UIM core probes, is addressed in 23.4 CU8. Other probes will be remediated as part of their standard release cycle. 

How to find UIM CU download page

Powered by Wolken Software