While security vulnerabilities are constantly appearing, it is often critical to locate and patch those vulnerabilities in short order-- especially when such vulnerabilities can represent significant risk of a data breach in your organization. As most IT folks know, the log4j vulnerabilities in both version 1 and version 2 make it critical that it be patched. Software vendors across the globe have been issuing recommended actions and patches and IT has been diligently patching vulnerable software,
However, because Log4j is a library, locating where it has been installed can be difficult and time consuming since many scanners are looking for software, not software libraries. Luckily Universal Discovery and UCMDB can help you! Micro Focus recently released a new Inventory Knowledge Discovery Pack specific for Log4j that works on most (if not all) versions of Universal Discovery and UCMDB. It will report the Log4j library as installed software.
Once you download and apply this Inventory Knowledge Discovery Pack, you'll be able to quickly see what versions of Log4j are installed in your discovered IT environment.
Once identified, you can begin manual patching operations, or use other tools such as Micro Focus Data Center Automation to begin automated patching procedures.
While no one likes to hear that software in their environment has an known vulnerability, Micro Focus Universal Discovery and UCMDB has made it easier to know what versions of Log4j are installed in your environment.