UIM vulnerabilities referencing log4j

Article ID: 237115

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Need to verify whether the CVEs below (Log4j 1.x related) affect UIM.

If UIM is vulnerable, what should be done to address the vulnerability?

 

CVE-2019-17571

https://nvd.nist.gov/vuln/detail/CVE-2019-17571


CVE-2020-9488

https://nvd.nist.gov/vuln/detail/CVE-2020-9488

 

CVE-2022-23302

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302


CVE-2022-23305

https://nvd.nist.gov/vuln/detail/CVE-2022-23305


CVE-2022-23307

https://nvd.nist.gov/vuln/detail/CVE-2022-23307

Environment

Release: 20.4 / 20.4.1

Component: UIM - SECURITY VULNERABILITIES

Resolution

DX UIM is not affected by the listed vulnerabilities.

UIM has migrated to Log4j 2.x, and therefore all of them are mitigated in 20.4 CU3.

https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99111525&os=MULTI-PLATFORM 

Additional Information

Addressing Log4j Vulnerabilities