ashish01
Level 5

ACAS vulnerabilities hitting for Log4J

Hi Team,

 

One of our customers is getting ACAS vulnerabilities hitting for Log4J which is included in Flexlm license server setup version - lmadmin-x64_n6-11.18.3.1.

Path              : C:\Users\ashish\Downloads\lmadmin-x64_n6-11.18.3.1\examples\alerter\lib\log4j-core-2.17.0.jar

Included version : 2.17.0

Fixed version     : 2.17.1

Can this jar be simply replaced with the fixed jar version? Or is there any patch for this? Or can we delete the 'examples' folder entirely?

 

Thanks

0 Kudos
(4) Replies
jyadav
Flexera Alumni

Hi @ashish01,

Could you please provide the CVE number so that I can run a quick check internally and provide an update.

0 Kudos
mrathinam
Revenera Moderator

0 Kudos
alicesimth5765
Level 2

It's best to check with the software vendor for specific guidance. However, generally, updating the log4j-core jar to the fixed version or deleting the 'examples' folder (if not in use) should help mitigate the vulnerability. Always back up before making changes.

You are right @alicesimth5765 

0 Kudos
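Whichever option from the thread is applied (replacing the jar or deleting the 'examples' folder), the install tree can be re-checked for log4j-core copies below the fixed version 2.17.1. The following is an added example, not code from the thread or from the vendor. It reads the version from the Maven `pom.properties` inside each jar, so a jar that was renamed or replaced under its old file name is still classified by its contents. The function names and the sample tree are constructed for illustration, and it assumes the jars are standard Apache builds that carry that metadata.

```python
import os, re, tempfile, zipfile

FIXED = (2, 17, 1)  # "Fixed version" from the scan output quoted in the thread
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"  # inside the jar

def parse_version(text):
    """Leading numeric x.y[.z] of a version string as a tuple, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def log4j_core_version(path):
    """Version tuple if the jar is log4j-core, else None. Contents beat file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            if POM in jar.namelist():
                for line in jar.read(POM).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        return parse_version(line.split("=", 1)[1])
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: fall back to the file name
    m = re.search(r"log4j-core-(\d[\w.]*)\.jar$", os.path.basename(path), re.I)
    return parse_version(m.group(1)) if m else None

def scan(root, fixed=FIXED):
    """Sorted list of (relative path, version, status) for log4j-core jars under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".jar")):
            full = os.path.join(dirpath, name)
            version = log4j_core_version(full)
            if version is not None:
                status = "BELOW_FIXED" if version < fixed else "OK"
                findings.append((os.path.relpath(full, root), version, status))
    return sorted(findings)

def build_sample_tree(root):  # constructed stand-in jars, no real library code
    def make(rel_dir, name, version):
        os.makedirs(os.path.join(root, rel_dir), exist_ok=True)
        with zipfile.ZipFile(os.path.join(root, rel_dir, name), "w") as jar:
            jar.writestr(POM, f"version={version}\n")
    lib = os.path.join("examples", "alerter", "lib")
    make(lib, "log4j-core-2.17.0.jar", "2.17.0")         # as flagged in the thread
    make(lib, "logging.jar", "2.17.0")                   # same library, renamed
    make("replaced", "log4j-core-2.17.0.jar", "2.17.1")  # new contents, old name

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*scan(tmp), sep="\n")
```

To check a real installation, call `scan()` with the path of the extracted lmadmin directory instead of the temporary sample tree.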