Solved

LOG4J - APPS10 - log4j-core-2.8.2.jar

  • 10 February 2022
  • 2 replies
  • 218 views

Userlevel 2
Badge +2

After implementing the “IFS Solution ID 298974” from

Impact of CVE-2021-44228 on IFS Products, Services | IFS Community 

the “Verification instructions” is:

Using a search engine like AgentRansack that can search within compressed files, scan the IFS-Home for instances of the JndiLookup.class (including instances within .jar, .ear and .war files)

 

But there are a number of “log4j-core-2.8.2.jar” (CVE-2021-44228) still being used in the application. By searching the associated handles in the resource manager, there is about 6 process running per environment. 

Is there any plan/recommendations of these files?

icon

Best answer by Novishan Dissanayake 23 February 2022, 11:16

View original

This topic has been closed for comments

2 replies

Userlevel 6
Badge +13

Hi @JamesM,

 

You can shutdown the servers and delete the relevant tmp folder in each server, then start them again. Since these are temp folders, we can safely ignore them.

 

Best Regards,

Novishan

Userlevel 2
Badge +4

Hi @JamesM,

 

You can shutdown the servers and delete the relevant tmp folder in each server, then start them again. Since these are temp folders, we can safely ignore them.

 

Best Regards,

Novishan

Hi @Novishan Dissanayake,
 

I had the same issue and I followed this step,

But once we delete the temp folder and start up the application, those log4j files being re-created.
Do we have any way to fully remove them? Isn’t this affecting?

Best Regards,
Rayan