We developed a check in our product, IronSphere to scan USS for log3j.jar and jar files that include it. We found four log4j.jar files and four product jars that use it.
We offer this program for free as a batch compiled rexx program (does not require IronSphere server). Once you have the list, contact your vendor to get a fix and/or the version installed. Not sure if attachments are allowed here, so please email me privately if you like to have a copy. the kars we found are: QIF0200I (QIFUSS99) LOG4J JAR FOUND: /apps/ucd/v6.2.6/dtsc-agent/conf/agent/lib/log4j.jar QIF0200I (QIFUSS99) LOG4J JAR FOUND: /apps/ucd/v6.2.6/dtsc-agent/conf/agent/monitor/log4j.jar QIF0200I (QIFUSS99) LOG4J JAR FOUND: /Z23A/usr/lpp/cicsts/cicsts53/lib/pipeline/log4j.jar QIF0200I (QIFUSS99) LOG4J JAR FOUND: /Z23A/usr/lpp/cicsts/cicsts54/lib/pipeline/log4j.jar QIF0200I (QIFUSS99) LOG4J JAR FOUND: /Z23A/usr/lpp/IBM/ucd/v6.2.6/ucdagent/ibm-ucd-agent-install/lib/log4j.jar QIF0200I (QIFUSS99) JAR USING LOG4J: /Z23A/usr/lpp/java/J8.0_64/lib/resources.jar QIF0200I (QIFUSS99) JAR USING LOG4J: /Z23A/usr/lpp/java/J8.0/lib/resources.jar QIF0200I (QIFUSS99) JAR USING LOG4J: /Z23A/usr/lpp/zWebSphere/V9R0/java/8.0/lib/resources.jar QIF0200I (QIFUSS99) JAR USING LOG4J: /Z23A/usr/lpp/zLiberty/V9R0/java/8.0/lib/resources.jar ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Continuous Monitoring for z/OS, x/Linux & IBM I **| z/VM coming soon * ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
