Phil,

I agree. However, the reason we offer such a scan is that there are other vendor
products installed in USS. It is not an IBM-only issue. The second one is
attitude. Remember the days of Spectre? IBM never admitted they had it
until they had a solution, and clients were unsure whether they were at risk or not.

If you scan, you have a list of products and vendors you can query.

ITschak

On Tue, 14 Dec 2021 at 17:39, Phil Smith III <[email protected]> wrote:

> Making things even more confusing, there are lots of ways to use log4j, only
> some of which expose this vulnerability. For example, Splunk uses it, but
> says the exploit matters on "All supported non-Windows versions of 8.1.x and
> 8.2.x only if Hadoop (Hunk) and/or DFS are used."
>
> It appears that the offending libraries are always installed, so some/many
> systems will show up in scans, but are not really at risk. The good news is
> that in those cases, those jars can be renamed/moved/removed to clear up the
> false positive.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>
-- 

Itschak Mugzach | Director | SecuriTeam Software | IronSphere Platform |
Information Security Continuous Monitoring for Z/OS, zLinux and IBM I

Email: [email protected] | Mob: +972 522 986404 |
Skype: ItschakMugzach | Web: www.Securiteam.co.il
