VIP (Validation ID Protection)

Hi Supports,

Customer have updated their version to the latest one (9.10.1). Did followed the steps in this KB. But log4j still being detected when they run the vulnerability scan.
Appreciate any advice on this.

Thank you,
Atifah

Hi Atifah,

Could you send the location where this log4j 1.x reference is found. Did you see this inside the Enterprise Gateway .bak folders?
Send us the location and do you have multiple environments and this is observed in all the environments or not?

-Namish
Original Message:
Sent: Jan 10, 2023 12:50 AM
From: Atifah Abdul Latif
Subject: log4j still detected on version 9.10.1

Hi Supports,

Customer have updated their version to the latest one (9.10.1). Did followed the steps in this KB. But log4j still being detected when they run the vulnerability scan.
Appreciate any advice on this.

Thank you,
Atifah

Hi Namish,

Here the results of the scan - "..\bin\wrapper.jar;bootstrap.jar;..\ext\commons-logging-1.1.3.jar;..\ext\log4j-1.2.17.jar"
Yes, it is multiple environments, and the issue was observed on all of the environments.

Regards,
Atifah
Original Message:
Sent: Jan 10, 2023 09:30 AM
From: Namish Tiwari
Subject: log4j still detected on version 9.10.1

Hi Atifah,

Could you send the location where this log4j 1.x reference is found. Did you see this inside the Enterprise Gateway .bak folders?
Send us the location and do you have multiple environments and this is observed in all the environments or not?

-Namish
Original Message:
Sent: Jan 10, 2023 12:50 AM
From: Atifah Abdul Latif
Subject: log4j still detected on version 9.10.1

Hi Supports,

Customer have updated their version to the latest one (9.10.1). Did followed the steps in this KB. But log4j still being detected when they run the vulnerability scan.
Appreciate any advice on this.

Thank you,
Atifah

Hi Atifah,

This issue need more investigation and will be best handled through a support case, will you please open one and we will work on that to address this.

Thanks
Namish
Original Message:
Sent: Jan 10, 2023 07:38 PM
From: Atifah Abdul Latif
Subject: log4j still detected on version 9.10.1

Hi Namish,

Here the results of the scan - "..\bin\wrapper.jar;bootstrap.jar;..\ext\commons-logging-1.1.3.jar;..\ext\log4j-1.2.17.jar"
Yes, it is multiple environments, and the issue was observed on all of the environments.

Regards,
Atifah
Original Message:
Sent: Jan 10, 2023 09:30 AM
From: Namish Tiwari
Subject: log4j still detected on version 9.10.1

Hi Atifah,

Could you send the location where this log4j 1.x reference is found. Did you see this inside the Enterprise Gateway .bak folders?
Send us the location and do you have multiple environments and this is observed in all the environments or not?

-Namish
Original Message:
Sent: Jan 10, 2023 12:50 AM
From: Atifah Abdul Latif
Subject: log4j still detected on version 9.10.1

Hi Supports,

Customer have updated their version to the latest one (9.10.1). Did followed the steps in this KB. But log4j still being detected when they run the vulnerability scan.
Appreciate any advice on this.

Thank you,
Atifah