cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
970
Views
10
Helpful
0
Replies

Log4J DCNM files after fix applied

lizarral
Level 1
Level 1

Hello team, a couple of weeks ago, we implemented this as a fix for DCNM Log4j issue:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47291

 

Some days after the fix application, we received an scan with new files affected by this Log4J vulnerability:

Tenable NASA DRN Server: Path : D:\\Program Files\\Cisco Systems\\dcm\\wildfly-14.0.1.Final\\standalone\\tmp\\vfs\\deployment\\deployment2a8731980f59d04c\\log4j-core-2.6.2.jar-9583d95dae77483d\\log4j-core-2.6.2.jar Installed version : 2.6.2 Fixed version : 2.12.2

Tenable NASA DRN Server: Path : D:\\Program Files\\Cisco Systems\\dcm\\wildfly-14.0.1.Final\\standalone\\tmp\\vfs\\deployment\\deployment2a8731980f59d04c\\log4j-core-2.6.2.jar-9583d95dae77483d\\log4j-core-2.6.2.jar Installed version : 2.6.2 Fixed version : 2.12.3

 

And the comment: it is flagging “dcm/wildfly” = can you help to check if this is required for Cisco DCNM or whether this is actually just an installation file which can be removed? 

 

What should we do with those files, if the Log4J fix was already applied?

Thank you.

 

 

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: