A short update. People that ran the program on their systems reported more products that make use of log4j. Looks like it is quite a common issue in USS.
Lesson is that modernizing the mainframe, modernizes the vulnerabilities as well. ITschak. ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Continuous Monitoring for z/OS, x/Linux & IBM I **| z/VM coming soon * On Sun, Dec 12, 2021 at 8:08 PM ITschak Mugzach <[email protected]> wrote: > We developed a check in our product, IronSphere to scan USS for log3j.jar > and jar files that include it. We found four log4j.jar files and four > product jars that use it. > > We offer this program for free as a batch compiled rexx program (does not > require IronSphere server). > > Once you have the list, contact your vendor to get a fix and/or > the version installed. > > Not sure if attachments are allowed here, so please email me privately if > you like to have a copy. the kars we found are: > > QIF0200I (QIFUSS99) LOG4J JAR > FOUND: /apps/ucd/v6.2.6/dtsc-agent/conf/agent/lib/log4j.jar > QIF0200I (QIFUSS99) LOG4J JAR > FOUND: /apps/ucd/v6.2.6/dtsc-agent/conf/agent/monitor/log4j.jar > QIF0200I (QIFUSS99) LOG4J JAR > FOUND: /Z23A/usr/lpp/cicsts/cicsts53/lib/pipeline/log4j.jar > QIF0200I (QIFUSS99) LOG4J JAR > FOUND: /Z23A/usr/lpp/cicsts/cicsts54/lib/pipeline/log4j.jar > QIF0200I (QIFUSS99) LOG4J JAR > FOUND: > /Z23A/usr/lpp/IBM/ucd/v6.2.6/ucdagent/ibm-ucd-agent-install/lib/log4j.jar > QIF0200I (QIFUSS99) JAR USING > LOG4J: /Z23A/usr/lpp/java/J8.0_64/lib/resources.jar > QIF0200I (QIFUSS99) JAR USING > LOG4J: /Z23A/usr/lpp/java/J8.0/lib/resources.jar > QIF0200I (QIFUSS99) JAR USING > LOG4J: /Z23A/usr/lpp/zWebSphere/V9R0/java/8.0/lib/resources.jar > QIF0200I (QIFUSS99) JAR USING > LOG4J: /Z23A/usr/lpp/zLiberty/V9R0/java/8.0/lib/resources.jar > > > > ITschak Mugzach > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring > for z/OS, x/Linux & IBM I **| z/VM coming soon * > > > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
