Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1081
Views
10
Helpful
0
Replies

Log4J DCNM files after fix applied

lizarral
Level 1
Level 1

‎01-25-2022 08:03 AM

Hello team, a couple of weeks ago, we implemented this as a fix for DCNM Log4j issue:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47291

 

Some days after the fix application, we received an scan with new files affected by this Log4J vulnerability:

Tenable NASA DRN Server: Path : D:\\Program Files\\Cisco Systems\\dcm\\wildfly-14.0.1.Final\\standalone\\tmp\\vfs\\deployment\\deployment2a8731980f59d04c\\log4j-core-2.6.2.jar-9583d95dae77483d\\log4j-core-2.6.2.jar Installed version : 2.6.2 Fixed version : 2.12.2

Tenable NASA DRN Server: Path : D:\\Program Files\\Cisco Systems\\dcm\\wildfly-14.0.1.Final\\standalone\\tmp\\vfs\\deployment\\deployment2a8731980f59d04c\\log4j-core-2.6.2.jar-9583d95dae77483d\\log4j-core-2.6.2.jar Installed version : 2.6.2 Fixed version : 2.12.3

 

And the comment: it is flagging “dcm/wildfly” = can you help to check if this is required for Cisco DCNM or whether this is actually just an installation file which can be removed? 

 

What should we do with those files, if the Log4J fix was already applied?

Thank you.

 

 

3 people had this problem
0 Replies 0
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card