The search looks for LOG4J in any name. It's finding config files and all kinds of other files with that in the name. It doesn't indicate that what it finds is a problem. Just a potential problem. The file you list below is a listener class for the ant process. It is not vulnerable.
On Thu, 2021-12-16 at 19:56 -0500, Jim Franz wrote:
Using the link in Michael's post, IBM iAccess Family is listed as "not
impacted". But using a search tool on my corporate laptop,
C:\Program Files (x86)\IBM\Client
Access\eclipse\plugins\org.apache.ant_1.6.2\lib\ant-apache-log4j.jar
how do i resolve this? I know this is a replaced product. Does the java
client have the same? How would i know what version is in the plugin if IBM
is only going to list it as "product not impacted".
I have to answer to the security group within the company.
btw - this was given to list the log4j jars on a Win machine.
run the following command inside of PowerShell to find the file(s):
Get-ChildItem -Path C:\ "*log4j*" -Recurse -Force
-ErrorAction SilentlyContinue | Where {$_.extension -like ".jar"} |
select-object FullName
Jim Franz
On Wed, Dec 15, 2021 at 10:19 AM Mayer, Michael via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>> wrote:
Latest PSIRT notification !
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products
Very Respectfully,
Michael Mayer
IBM i on Power System Admin.
IT Operations.
The Florida Bar
651 E. Jefferson St
Tallahassee, Florida 32399-2300
mmayer@xxxxxxxxxxxxxx<mailto:mmayer@xxxxxxxxxxxxxx>
https://www.floridabar.org
Office: 850.561.5761
Cell: 518.641.8906
________________________________
Please note: Florida has very broad public records laws. Many written
communications to or from The Florida Bar regarding Bar business may be
considered public records, which must be made available to anyone upon
request. Your e-mail communications may therefore be subject to public
disclosure.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx>
To subscribe, unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx>
Before posting, please take a moment to review the archives
at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx<mailto:support@xxxxxxxxxxxxxxxxxxxx> for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link:
https://amazon.midrange.com
[
https://www.medtronsoftware.com/img/MedtronMinilogo.bmp]
Kevin Bucknum
Senior Programmer Analyst
MEDDATA / MEDTRON
120 Innwood Drive
Covington LA 70433
Local: 985-893-2550<tel:985-893-2550>
Toll Free: 877-893-2550<tel:877-893-2550>
https://www.medtronsoftware.com
CONFIDENTIALITY NOTICE
This document and any accompanying this email transmission contain confidential information, belonging to the sender that is legally privileged. This information is intended only for the use of the individual or entity named above. The authorized recipient of this information is prohibited from disclosing this information to any other party and is required to destroy the information after its stated need has been fulfilled. If you are not the intended recipient, or the employee of agent responsible to deliver it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or action taken in reliance on the contents of these documents is STRICTLY PROHIBITED. If you have received this email in error, please notify the sender immediately to arrange for return or destruction of these documents.
midrange.com
