log4shell vulnerability - are Stor2rrd & Lpar2rrd affected?
Comments
-
no, we do not use log4j nor log4shell at all.
-
Thanks for your fast reply!
-
Hi Pavel, I have a virtual machine where we installed the LPAR2RRD and STOR2RRD Virtual appliance from OVF file. When we do a search using Grype (Anchore scanning tool) against this virtual machine, it says that log4j version 2.12.1 is inside of the file /opt/xorux/xormon/xormon.war. I saw the statements that lpar2rrd stor2rrd don't use log4j. I don't know what xormon.war is, so I wanted to see if it's ok to delete, or if it has log4j inside it? Thank you
-
Hi,xormon contains log4j-api only which is not vulnerable, problem is in log4j-core which is not used by us.
Howdy, Stranger!
Categories
- 1.6K All Categories
- 41 XORMON NG
- 25 XORMON
- 149 LPAR2RRD
- 13 VMware
- 16 IBM i
- 2 oVirt / RHV
- 4 MS Windows and Hyper-V
- Solaris / OracleVM
- XenServer / Citrix
- Nutanix
- 6 Database
- 2 Cloud
- 10 Kubernetes / OpenShift / Docker
- 122 STOR2RRD
- 19 SAN
- 7 LAN
- 17 IBM
- 3 EMC
- 12 Hitachi
- 5 NetApp
- 15 HPE
- Lenovo
- 1 Huawei
- 1 Dell
- Fujitsu
- 2 DataCore
- INFINIDAT
- 3 Pure Storage
- Oracle