Data Protector log4j vulnerability

Is there any solution for fixing this critical issue ?

Parents
  • Hi ,

    microfocus created new fix for version from 10,20 to 11, open a call to request de binary.

    regards

  • Support tells me that I do not need a fix since I am running 10.91 Slight smile

    But I see two occurances of log4j.jar in telemetry foleder:

    C:\Program Files\OmniBack\bin\telemetry\log4j-api-2.11.2.jar
    C:\Program Files\OmniBack\bin\telemetry\log4j-core-2.11.2.jar

    There is also one occurance, which is reported by vulnerability checker at:

    C:\Program Files\OmniBack\AppServer\modules\system\layers\base\org\jboss\log4j\logmanager\main\log4j-jboss-logmanager-1.2.0.Final.jar

    And last but not the least, a huge number of occurances under tmp/AppServer/vfs:

    E:\ProgramData\OmniBack\tmp\AppServer\vfs\deployment\deploymentf24466c965d350b2\slf4j-log4j12-1.6.1.jar-c59c9d8dffafd2f8

    E:\ProgramData\OmniBack\tmp\AppServer\vfs\deployment\deploymentf24466c965d350b2\slf4j-log4j12-1.6.1.jar-83c645e5284f3aac
    E:\ProgramData\OmniBack\tmp\AppServer\vfs\deployment\deploymentf24466c965d350b2\slf4j-log4j12-1.6.1.jar-de5a23e33f0b44f7
    E:\ProgramData\OmniBack\tmp\AppServer\vfs\deployment\deploymentf24466c965d350b2\slf4j-log4j12-1.6.1.jar-593e545f19dc49a
    E:\ProgramData\OmniBack\tmp\AppServer\vfs\deployment\deploymentf24466c965d350b2\slf4j-log4j12-1.6.1.jar-eda4a285faaa9b2a

Reply
  • Support tells me that I do not need a fix since I am running 10.91 Slight smile

    But I see two occurances of log4j.jar in telemetry foleder:

    C:\Program Files\OmniBack\bin\telemetry\log4j-api-2.11.2.jar
    C:\Program Files\OmniBack\bin\telemetry\log4j-core-2.11.2.jar

    There is also one occurance, which is reported by vulnerability checker at:

    C:\Program Files\OmniBack\AppServer\modules\system\layers\base\org\jboss\log4j\logmanager\main\log4j-jboss-logmanager-1.2.0.Final.jar

    And last but not the least, a huge number of occurances under tmp/AppServer/vfs:

    E:\ProgramData\OmniBack\tmp\AppServer\vfs\deployment\deploymentf24466c965d350b2\slf4j-log4j12-1.6.1.jar-c59c9d8dffafd2f8

    E:\ProgramData\OmniBack\tmp\AppServer\vfs\deployment\deploymentf24466c965d350b2\slf4j-log4j12-1.6.1.jar-83c645e5284f3aac
    E:\ProgramData\OmniBack\tmp\AppServer\vfs\deployment\deploymentf24466c965d350b2\slf4j-log4j12-1.6.1.jar-de5a23e33f0b44f7
    E:\ProgramData\OmniBack\tmp\AppServer\vfs\deployment\deploymentf24466c965d350b2\slf4j-log4j12-1.6.1.jar-593e545f19dc49a
    E:\ProgramData\OmniBack\tmp\AppServer\vfs\deployment\deploymentf24466c965d350b2\slf4j-log4j12-1.6.1.jar-eda4a285faaa9b2a

Children
No Data