Hello,
I wanted to know if the current patch 11.20.90 (01-Feb-2022) fixes the problem.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4104
Can anyone here already make a statement ?
with kind regards
Thomas
Solved
Does the new Patch fix CVE-2021-4104 ?
Best answer by thomas.S
Today's security scans showed that the patch did something. Log4J is now no longer a problem.
Have a nice weekend
If you have a question or comment, please create a topic
+13- Vaulter
- 291 replies
CVE-2021-4104: The Commvault software does not use the JMSAppender module and, therefore, the vulnerability about log4j 1.x versions does not affect any Commvault products.
Hello
since we always have this message in our daily security scans, it should be possible to delete the Log4J jar files without any problem.
Files\Commvault\ContentStore2\CvFailover\CvMonitoringService\lib\log4j-1.2.16.jar
+13- Vaulter
- 291 replies
There is an upcoming patch to address this and remove those files. I would not recommend removing them manually. I’d post any additional questions you have here:
Hello
thanks for your feedback.
Is there already an approximate date by when this patch will be available ?
We have now applied the patch and will check tomorrow whether the messages have disappeared after the security scan. I will give an update on the issue tomorrow.
Today's security scans showed that the patch did something. Log4J is now no longer a problem.
Have a nice weekend
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.