LOG4J - APPS10 - log4j-core-2.8.2.jar

Question

After implementing the “IFS Solution ID 298974” from

Impact of CVE-2021-44228 on IFS Products, Services | IFS Community

the “Verification instructions” is:

Using a search engine like AgentRansack that can search within compressed files, scan the IFS-Home for instances of the JndiLookup.class (including instances within .jar, .ear and .war files)

But there are a number of “log4j-core-2.8.2.jar” (CVE-2021-44228) still being used in the application. By searching the associated handles in the resource manager, there is about 6 process running per environment.

Is there any plan/recommendations of these files?

Novishan Dissanayake · Accepted Answer

Hi @JamesM,You can shutdown the servers and delete the relevant tmp folder in each server, then start them again. Since these are temp folders, we can safely ignore them.Best Regards,Novishan

rayanhimal · Answer

Hi@JamesM,You can shutdown the servers and delete the relevant tmp folder in each server, then start them again. Since these are temp folders, we can safely ignore them.Best Regards,NovishanHi @Novishan Dissanayake,I had the same issue and I followed this step,But once we delete the temp folder and start up the application, those log4j files being re-created.Do we have any way to fully remove them? Isn’t this affecting?Best Regards,Rayan

Did you find what you're looking for? If not:

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded