I upgraded my CommServ to 11_20_85 and I read that this would remediate the log4j vulnerability. So I had the IA folks rescan the server and it came back hot and this is the path they sited. E:\ProgramFiles\Commvault\ContentStore\CVCIEngine\CvPreviewHome\webapps\CvContentPreviewGenApp\WEB-INF\lib\log4j-1.2.17.jar - they are advising to upgrade to a version of Apache Log4j
Solved
server scanned hot for log4j after upgrade
+1Best answer by Aplynx
Please take a look at this thread:
CVE-2021-4104: The Commvault software does not use the JMSAppender module and, therefore, the vulnerability about log4j 1.x versions does not affect any Commvault products.
+13- Vaulter
- 291 replies
- Answer
Please take a look at this thread:
CVE-2021-4104: The Commvault software does not use the JMSAppender module and, therefore, the vulnerability about log4j 1.x versions does not affect any Commvault products.
Liam
+23- Vaulter
- 4996 replies
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.