As far as I know, and I have been reading and patching since last Saturday, the suspect jar is the core jar of log4j.  Since your jar is a log4j packaged for Apache Ant (a build tool) you would have to inspect the classes in the jar and see if it has the class that causes the vulnerability.  Specifically: org/apache/logging/log4j/core/lookup/JndiLookup.class   If it is there, it might be vulnerable if there is direct access to your laptop when the log4j jar can be leveraged (unlikely).

Check with the Apache Ant project to see if they posted something.

Pete Helgren
GIAC Secure Software Programmer-Java
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals
Twitter - Sys_i_Geek IBM_i_Geek

On 12/16/2021 6:56 PM, Jim Franz wrote:
Using the link in Michael's post, IBM iAccess Family is listed as "not
impacted". But using a search tool on my corporate laptop,
C:\Program Files (x86)\IBM\Client

how do i resolve this? I know this is a replaced product. Does the java
client have the same? How would i know what version is in the plugin if IBM
is only going to list it as "product not impacted".
I have to answer to the security group within the company.

btw - this was given to list the log4j jars on a Win machine.
run the following command inside of PowerShell to find the file(s):

Get-ChildItem -Path C:\ "*log4j*" -Recurse -Force
-ErrorAction SilentlyContinue | Where {$_.extension -like ".jar"} |
select-object FullName

Jim Franz

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.