AppWorx, Dollar Universe and Sysload Community

 View Only
Expand all | Collapse all

How does the latest Apache Log4j Security Alert CVE-2021-44228 affect 9.4/9.3 Application Manager?

Jump to Best Answer
  • 1.  How does the latest Apache Log4j Security Alert CVE-2021-44228 affect 9.4/9.3 Application Manager?

    Posted Dec 13, 2021 10:28 AM
    We are interested if we need to make any modifications to our 9.4 and 9.3 Application Manager environments regarding the log4j alert.

    We are using a Apache HTTP 2.4.46.  No log4j files there.

    We also see the following log4j files in the appworx directory tree.

    [root@tjob apache]# find /u01/app/appworx -name "*log4j*"
    /u01/app/appworx/web/THIRD-PARTY-LICENSES/log4j-LICENSE.txt
    /u01/app/appworx/web/axis2/log4j-1.2.15.jar
    /u01/app/appworx/web/classes/log4j-core-2.14.1.jar
    /u01/app/appworx/web/classes/log4j-1.2.15.jar
    /u01/app/appworx/web/classes/log4j-1.2-api-2.14.1.jar
    /u01/app/appworx/web/classes/inner_jarfiles/BannerAgent/log4j-1.2.8.jar
    /u01/app/appworx/scripts/lib/log4j-1.2.12.jar
    /u01/app/appworx/scripts/lib/log4j.xml
    /u01/app/appworx/scripts/eodrec_component_35/lib/log4j-1.2.12.jar
    /u01/app/appworx/scripts/eodrec_component_35/lib/log4j.xml
    /u01/app/appworx/scripts/test/eodrec_component_35/lib/log4j-1.2.12.jar
    /u01/app/appworx/scripts/test/eodrec_component_35/lib/log4j.xml

    Thanks
    Larry


  • 2.  RE: How does the latest Apache Log4j Security Alert CVE-2021-44228 affect 9.4/9.3 Application Manager?
    Best Answer

    Broadcom Employee
    Posted Dec 13, 2021 11:04 AM

    Please take a look:

    https://knowledge.broadcom.com/external/article?articleId=230316




  • 3.  RE: How does the latest Apache Log4j Security Alert CVE-2021-44228 affect 9.4/9.3 Application Manager?

    Posted Dec 14, 2021 08:29 AM

    Larry,

    Thank you for posting this question.  I'm sure a lot more of us will be looking for this information.

    Dominic