AppWorx, Dollar Universe and Sysload Community

We are interested if we need to make any modifications to our 9.4 and 9.3 Application Manager environments regarding the log4j alert.

We are using a Apache HTTP 2.4.46.  No log4j files there.

We also see the following log4j files in the appworx directory tree.

[root@tjob apache]# find /u01/app/appworx -name "*log4j*"
/u01/app/appworx/web/THIRD-PARTY-LICENSES/log4j-LICENSE.txt
/u01/app/appworx/web/axis2/log4j-1.2.15.jar
/u01/app/appworx/web/classes/log4j-core-2.14.1.jar
/u01/app/appworx/web/classes/log4j-1.2.15.jar
/u01/app/appworx/web/classes/log4j-1.2-api-2.14.1.jar
/u01/app/appworx/web/classes/inner_jarfiles/BannerAgent/log4j-1.2.8.jar
/u01/app/appworx/scripts/lib/log4j-1.2.12.jar
/u01/app/appworx/scripts/lib/log4j.xml
/u01/app/appworx/scripts/eodrec_component_35/lib/log4j-1.2.12.jar
/u01/app/appworx/scripts/eodrec_component_35/lib/log4j.xml
/u01/app/appworx/scripts/test/eodrec_component_35/lib/log4j-1.2.12.jar
/u01/app/appworx/scripts/test/eodrec_component_35/lib/log4j.xml

Thanks
Larry

Please take a look:

https://knowledge.broadcom.com/external/article?articleId=230316

Original Message:
Sent: Dec 13, 2021 10:28 AM
From: Larry Griswold
Subject: How does the latest Apache Log4j Security Alert CVE-2021-44228 affect 9.4/9.3 Application Manager?

We are interested if we need to make any modifications to our 9.4 and 9.3 Application Manager environments regarding the log4j alert.

We are using a Apache HTTP 2.4.46.  No log4j files there.

We also see the following log4j files in the appworx directory tree.

[root@tjob apache]# find /u01/app/appworx -name "*log4j*"
/u01/app/appworx/web/THIRD-PARTY-LICENSES/log4j-LICENSE.txt
/u01/app/appworx/web/axis2/log4j-1.2.15.jar
/u01/app/appworx/web/classes/log4j-core-2.14.1.jar
/u01/app/appworx/web/classes/log4j-1.2.15.jar
/u01/app/appworx/web/classes/log4j-1.2-api-2.14.1.jar
/u01/app/appworx/web/classes/inner_jarfiles/BannerAgent/log4j-1.2.8.jar
/u01/app/appworx/scripts/lib/log4j-1.2.12.jar
/u01/app/appworx/scripts/lib/log4j.xml
/u01/app/appworx/scripts/eodrec_component_35/lib/log4j-1.2.12.jar
/u01/app/appworx/scripts/eodrec_component_35/lib/log4j.xml
/u01/app/appworx/scripts/test/eodrec_component_35/lib/log4j-1.2.12.jar
/u01/app/appworx/scripts/test/eodrec_component_35/lib/log4j.xml

Thanks
Larry

Larry,

Thank you for posting this question.  I'm sure a lot more of us will be looking for this information.

Dominic

Original Message:
Sent: Dec 13, 2021 10:28 AM
From: Larry Griswold
Subject: How does the latest Apache Log4j Security Alert CVE-2021-44228 affect 9.4/9.3 Application Manager?

We are interested if we need to make any modifications to our 9.4 and 9.3 Application Manager environments regarding the log4j alert.

We are using a Apache HTTP 2.4.46.  No log4j files there.

We also see the following log4j files in the appworx directory tree.

[root@tjob apache]# find /u01/app/appworx -name "*log4j*"
/u01/app/appworx/web/THIRD-PARTY-LICENSES/log4j-LICENSE.txt
/u01/app/appworx/web/axis2/log4j-1.2.15.jar
/u01/app/appworx/web/classes/log4j-core-2.14.1.jar
/u01/app/appworx/web/classes/log4j-1.2.15.jar
/u01/app/appworx/web/classes/log4j-1.2-api-2.14.1.jar
/u01/app/appworx/web/classes/inner_jarfiles/BannerAgent/log4j-1.2.8.jar
/u01/app/appworx/scripts/lib/log4j-1.2.12.jar
/u01/app/appworx/scripts/lib/log4j.xml
/u01/app/appworx/scripts/eodrec_component_35/lib/log4j-1.2.12.jar
/u01/app/appworx/scripts/eodrec_component_35/lib/log4j.xml
/u01/app/appworx/scripts/test/eodrec_component_35/lib/log4j-1.2.12.jar
/u01/app/appworx/scripts/test/eodrec_component_35/lib/log4j.xml

Thanks
Larry