+1
I upgraded my CommServ to 11_20_85 and I read that this would remediate the log4j vulnerability. So I had the IA folks rescan the server and it came back hot and this is the path they sited. E:\ProgramFiles\Commvault\ContentStore\CVCIEngine\CvPreviewHome\webapps\CvContentPreviewGenApp\WEB-INF\lib\log4j-1.2.17.jar - they are advising to upgrade to a version of Apache Log4j
Best answer by Aplynx
View original
+13
Please take a look at this thread:
CVE-2021-4104: The Commvault software does not use the JMSAppender module and, therefore, the vulnerability about log4j 1.x versions does not affect any Commvault products.
+1
Thanks, I’ll relay this to our IA folks
+1
Out of curiosity can this jar file be deleted.
+23
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
