Solved

server scanned hot for log4j after upgrade

3 years ago
January 7, 2022
4 replies
511 views

Will Patrick
Bit

I upgraded my CommServ to 11_20_85 and I read that this would remediate the log4j vulnerability. So I had the IA folks rescan the server and it came back hot and this is the path they sited. E:\ProgramFiles\Commvault\ContentStore\CVCIEngine\CvPreviewHome\webapps\CvContentPreviewGenApp\WEB-INF\lib\log4j-1.2.17.jar - they are advising to upgrade to a version of Apache Log4j

Best answer by Aplynx

Please take a look at this thread:

https://community.commvault.com/technical-blogs-and-articles-39/log4j-vulnerability-cve-2021-44228-1994

CVE-2021-4104: The Commvault software does not use the JMSAppender module and, therefore, the vulnerability about log4j 1.x versions does not affect any Commvault products.

View original

Did this answer your question?

+13

Aplynx
Vaulter
3 years ago
January 7, 2022

Please take a look at this thread:

https://community.commvault.com/technical-blogs-and-articles-39/log4j-vulnerability-cve-2021-44228-1994

CVE-2021-4104: The Commvault software does not use the JMSAppender module and, therefore, the vulnerability about log4j 1.x versions does not affect any Commvault products.

Liam

Will Patrick
Bit
3 years ago
January 7, 2022

Thanks, I’ll relay this to our IA folks

Will Patrick
Bit
3 years ago
January 7, 2022

Out of curiosity can this jar file be deleted.

+23

Mike Struening
Vaulter
3 years ago
January 7, 2022

@Will Patrick , I wouldn't delete anything. We likely use it for valid purposes, just not the vulnerable aspect/portion.

https://www.linkedin.com/in/michael-struening

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Related topics

How to create backup of PV and PVC defnition of a NFS share? (I do not need to backup NFS data)icon

backup with pv and pvcicon

K10 Disaster recovery to a new clustericon

Failed to fetch the snapshot sessionicon

Using NFS Share on NAS as a Backup Location Where to Enter Credentialsicon

Most helpful members this week

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings