Browse By Tags

  • ZCM 23.4 on Windows Server log4j patch

    Hi, I recently upgraded my ZCM Primary from 2017 to 2020, 2020.2, then 23.4. And also preformed a Windows Server OS upgrade. After upgrading to 23.4, my network security scanners are flagging ZCM as having the log4j vulnerability. Could someone point…
  • Can i remove log4j file by uninstalling Telemetry client alone?

    I am using DP 10.70 Version. LOG4J vulnerability is being detected on all our client systems where the user interface is installed. Is there a way i cam remove these telemetry files as we don't use telemetry.
  • Knowledge Document: Log4j 1.x vulnerability in Open Enterprise Server 23.4

    Products Open Enterprise Server (OES) Environment Open Enterprise Server 23.4 Situation Vulnerability version of log4j on OES 23.4 installation, the offending files are as follows: /opt/novell/storm/webframework/webapps/storm…
  • Knowledge Document: log4j vulnerabilities related to OES User Rights Map (NURM)

    Environment Open Enterprise Server 2023+ (OES 2023+) Summary CVE-2021-4104 : JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. CVE-2019-17571 : Included in…
  • log4j telemetry client update , creating a hotfix to deploy to clients

    So this is more or less a similar problem to a 2 year old article. RE: Data Protector log4j vulnerability MF (i've asked) won't provide me a way to create my own HF to deploy updated log4j.jar files to the telemetry clients. My organization requires…
  • Log4J Vulnerability in Silk Central 20.6

    We have the vulnerabilities in Silk Central 20.6 (CVE-2021-44228, CVE-2021-45105, CVE-2021-44832, CVE-2021-45046) and we need to fix them. What action do we need to take to resolve them?
  • ZCM2020.3 log4j issue

    Hi All My ZCM lab server (Windows Plateform) had upgrade to 2020.3 on last month, and apply FTF_054 yesterday. But I use Nessue tool , it still get a Log4j vulnerability as below screenshot I have another ZCM2020.3 which alsp apply FTF_954 update…
  • Smartconnectors 8.3, Log4j is still showing in their backup file and scanner still detecting it.

    Log4j is still showing in their backup file and scanner still detecting it. I need to remove the offending version of log4j from the axis directory in the “back-up” directory in smartconnectors 8.3+, it keep its own backups. They are in the same directory…
  • New/Additional ZCM-VA: Did it need the Log4J-Patches?

    I want to install a new ZCM-VA as additional primary server. It is necessary to go through the steps to secure the appliance against the Log4J-Issue? Or have new/updated Images this included?
  • Updated Log4j Aegis Workflow (WFA)

    The embedded log4j in the Aegis Workflow appears to be using 1.X . The log4j Version 1.X is no longer supported and is considered a possible security vulnerability. Please update Log4J to utilize the latest 2.X versions to maintain compliance. Our current…
  • [Micro Focus] SBM SIG meeting for February 2022

    There have been a lot of questions regarding the log4j vulnerability, so we thought this SIG would be a good place to help eliminate the FUD and give people an update on additional steps we're taking. Note that mitigations in the field are available,…
  • Reimagining Cyber Podcast: Cyber Insurance in the Wake of Log4j

    Happy New Year, and welcome to 2022! I think we can all agree that 2021 had some highs and some lows. It certainly taught us all how to be resilient, that’s for sure. Whether in work or personal life, we’ve all had to learn how to adapt. The cyberspace…
  • Detect Log4Shell with Fortify WebInspect

    As part of our efforts at CyberRes to address the Log4j vulnerability , we are continuing to analyze this remote code execution vulnerability and address it. As you know, Log4j burst onto the scene last month and now Open Source Software is in the headlines…
  • ESM: Apache Log4j Unsupported Version Detection

    Log4j 1.x has reached end of life and is no longer supported acording to: "Vulnerabilities reported after August 2015 against Log4j 1.x were not checked and will not be fixed. Users should upgrade to Log4j 2 to obtain security fixes.“ https://logging…
  • Universal Discovery and CMDB can help you locate Log4j in your IT environment

    While security vulnerabilities are constantly appearing, it is often critical to locate and patch those vulnerabilities in short order-- especially when such vulnerabilities can represent significant risk of a data breach in your organization. As most…
  • APM Log4j Remediation Question

    Hello, My customer is in the process of completing the steps documented in CVE-2021-44228 and other vulnerabilites for Micro Focus APM (as of 1/6/2022). The document states replacing the 2.17.0 jar files. Within the same docment it references a KM article…
  • Support Tip: CVE-2021-44228 Log4j Vulnerability for Fortify ScanCentral SAST

    Summary: Fortify ScanCentral SAST is affected by the CVE-2021-4428 Log4j Vulnerability. ScanCentral (SAST) affected versions: ScanCentral 20.1 ScanCentral 20.2 ScanCentral 21.1 ScanCentral 21.2 URL Name: KM000003218 Products…
  • Support Tip: CVE-2021-44228 Log4j Vulnerability for Application Defender 20.1

    Summary: Several infrastructure containers within the Application Defender server architecture container versions of log4j that are deemed susceptible to Log4Shell (CVE-2021-44228). The affected containers are: • appdefender/cassandra • appdefender…
  • Knowledge Doc: CVE-2021-44228 Log4j Vulnerability for Change Guardian

    Summary: Change Guardian server is affected by Log4j vulnerability (CVE-2021-44228). The following components are not affected: Change Guardian Agent for Windows Change Guardian Agent for UNIX Change Guardian Policy Editor Change Guardian…
  • Knowledge Doc: Log4j vulnerability and Sentinel - CVE-2021-44228

    Summary: Sentinel server is affected by Log4j vulnerability (CVE-2021-44228) URL Name: KM000003122 Products: Sentinel Enterprise Situation: Click here to access full Support Tip details
  • Support Tip: Access Manager log4j2.formatMsfNoLookups CVE-2021-44228 CVE-2021-45046

    Summary: Access Manager log4j2.formatMsgNoLookups CVE-2021-44228 CVE-2021-45046 URL Name: KM000002997 Products: Access Manager (NAM) Article Body Environment: Access Manager 4.5.x Access Manager 5.x Situation: Click…
  • Log3J: Download of the fixes unavailable?

    CVE-2021-44228 Log4j RCE 0-day mitigation vulnerability on ZENworks shows https://download2.microfocus.com/fileinfo.asp?filename=ZCM_20.2.0_FTF_Server_997.zip as DL link for the FTF. But there I get only: "No downloads available" even at the SLD I…
  • Reimagining Cyber Podcast: Log4j vulnerability provides harsh lessons in unknown dependencies

    On 8 December 2020, FireEye announced they were a victim to a nation-state attack and several days later they discovered evidence that attackers had a backdoor in SolarWinds software and dubbed the attack as “ SUNBURST ”. Almost a year later to the…
  • /account and /admin page is inaccessible

    Hi After applying patches related to log4j and others, one of the appliance which the global master , the /account and /admin page isnt accessible. Have rebooted from VM etc as well.Any idea why this is happening? the DB server role appliance in the…
  • Data Protector v9.0.9 patch/workaround for log4j

    Is there a patch or workaround that doesn't involve upgrading. We have a small DP 9.0.9 environment that's protecting RMAN workloads. Our licenses are under maintenance but we're not interested in upgrading if we don't have to; We're currently moving…