I upgraded my CommServ to 11_20_85 and I read that this would remediate the log4j vulnerability. So I had the IA folks rescan the server and it came back hot, and this is the path they cited: E:\ProgramFiles\Commvault\ContentStore\CVCIEngine\CvPreviewHome\webapps\CvContentPreviewGenApp\WEB-INF\lib\log4j-1.2.17.jar - they are advising to upgrade to a version of Apache Log4j
Please take a look at this thread:
CVE-2021-4104: The Commvault software does not use the JMSAppender module and, therefore, the vulnerability about log4j 1.x versions does not affect any Commvault products.
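A scanner hit on the jar file name alone does not show whether JMSAppender is configured anywhere. The following is an added example, not part of the thread and not Commvault code: it separates "the log4j 1.x jar ships the JMSAppender class" from "a log4j configuration file on disk actually references it". The function names are hypothetical, and the assumption is that configurations live as `log4j*.properties` or `log4j*.xml` files on disk; configurations packed inside archives are not inspected.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

JMS_CLASS = "org/apache/log4j/net/JMSAppender.class"
JMS_REF = re.compile(r"org\.apache\.log4j\.net\.JMSAppender")
JAR_NAME = re.compile(r"log4j-1\..*\.jar")                    # log4j 1.x jars only
CONFIG_NAME = re.compile(r"log4j.*\.(properties|xml)$")       # assumed config names

def jar_has_jms_appender(jar_bytes: bytes) -> bool:
    """True if the jar contains the JMSAppender class file."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return JMS_CLASS in jar.namelist()

def config_uses_jms_appender(text: str) -> bool:
    """True if a log4j 1.x config references JMSAppender outside a comment."""
    text = re.sub(r"<!--.*?-->", "", text, flags=re.S)         # drop XML comments
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("#", "!")):                    # .properties comments
            continue
        if JMS_REF.search(stripped):
            return True
    return False

def scan(root: Path) -> dict:
    """Walk root and report jars shipping the class and configs that use it."""
    findings = {"jars_with_class": [], "configs_using_it": []}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        if JAR_NAME.fullmatch(name):
            if jar_has_jms_appender(path.read_bytes()):
                findings["jars_with_class"].append(str(path))
        elif CONFIG_NAME.match(name):
            if config_uses_jms_appender(path.read_text(errors="replace")):
                findings["configs_using_it"].append(str(path))
    return findings

if __name__ == "__main__":
    # Usage: python check_jms.py <install directory>
    result = scan(Path(sys.argv[1]))
    for key, paths in result.items():
        print(f"{key}: {len(paths)}")
        for p in paths:
            print(f"  {p}")
```

An entry under `jars_with_class` with nothing under `configs_using_it` matches the situation described in the reply above: the class is present in the jar, but no on-disk configuration wires it in.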
Thanks, I’ll relay this to our IA folks
Out of curiosity, can this jar file be deleted?