IBM License Metric Tool (ILMT)

Hi,

I am seeing this vulnerability jar file C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar on ILMT server. Can we directly delete this file from the folder or how can we fix this. We are using ILMT version 9.2.33.0 and Bigfix version is 11.0.0.175.

Thank you,

Hello Sudhir,

This log4j library is not used by ILMT or Bigfix.
I guess that it's a part of Java support for SQL server (also not used by ILMT or Bigfix).

The best course of action to fix this is to install some latest SQL Server Update (or fix pack) for the SQL Server version you are using.
Microsoft has addressed all log4j issues long time ago... 

------------------------------
Thank you,
Oktawian

Oktawian Powązka, L3 Support
IBM License Metric Tool

Original Message:
Sent: Mon March 25, 2024 02:47 PM
From: Sudhir Kakarla
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar

Hi,

I am seeing this vulnerability jar file C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar on ILMT server. Can we directly delete this file from the folder or how can we fix this. We are using ILMT version 9.2.33.0 and Bigfix version is 11.0.0.175.

Thank you,

------------------------------
Sudhir Kakarla
------------------------------

Thank you Oktawian!

I just updated the cumulative update on sql server fixed the log4j.

Below link has cumulative pack details:

------------------------------
Sudhir Kakarla

Original Message:
Sent: Tue March 26, 2024 04:02 AM
From: Oktawian Powązka
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar

Hello Sudhir,

This log4j library is not used by ILMT or Bigfix.
I guess that it's a part of Java support for SQL server (also not used by ILMT or Bigfix).

The best course of action to fix this is to install some latest SQL Server Update (or fix pack) for the SQL Server version you are using.
Microsoft has addressed all log4j issues long time ago... 

------------------------------
Thank you,
Oktawian

Oktawian Powązka, L3 Support
IBM License Metric Tool

Original Message:
Sent: Mon March 25, 2024 02:47 PM
From: Sudhir Kakarla
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar

Hi,

I am seeing this vulnerability jar file C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar on ILMT server. Can we directly delete this file from the folder or how can we fix this. We are using ILMT version 9.2.33.0 and Bigfix version is 11.0.0.175.

Thank you,

------------------------------
Sudhir Kakarla
------------------------------

Hello Sudhir,

Mysql server is neither used by ILMT nor Bigfix.

Thank you Oktawian!

I just updated the cumulative update on sql server fixed the log4j.

Below link has cumulative pack details:

------------------------------
Sudhir Kakarla

Original Message:
Sent: Tue March 26, 2024 04:02 AM
From: Oktawian Powązka
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar

Hello Sudhir,

This log4j library is not used by ILMT or Bigfix.
I guess that it's a part of Java support for SQL server (also not used by ILMT or Bigfix).

The best course of action to fix this is to install some latest SQL Server Update (or fix pack) for the SQL Server version you are using.
Microsoft has addressed all log4j issues long time ago... 

------------------------------
Thank you,
Oktawian

Oktawian Powązka, L3 Support
IBM License Metric Tool

Original Message:
Sent: Mon March 25, 2024 02:47 PM
From: Sudhir Kakarla
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar

Hi,

I am seeing this vulnerability jar file C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar on ILMT server. Can we directly delete this file from the folder or how can we fix this. We are using ILMT version 9.2.33.0 and Bigfix version is 11.0.0.175.

Thank you,

------------------------------
Sudhir Kakarla
------------------------------

Hi Oktawian,

Thank you for the responce.
What about the temadb. I guess it should be on local host where ILMT Service is running right? 

to run the temadb on local host do we require Mysql on that server.

Thanks,

Sudhir

Hello Sudhir,

Mysql server is neither used by ILMT nor Bigfix.

Thank you Oktawian!

I just updated the cumulative update on sql server fixed the log4j.

Below link has cumulative pack details:

------------------------------
Sudhir Kakarla

Original Message:
Sent: Tue March 26, 2024 04:02 AM
From: Oktawian Powązka
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar

Hello Sudhir,

This log4j library is not used by ILMT or Bigfix.
I guess that it's a part of Java support for SQL server (also not used by ILMT or Bigfix).

The best course of action to fix this is to install some latest SQL Server Update (or fix pack) for the SQL Server version you are using.
Microsoft has addressed all log4j issues long time ago... 

------------------------------
Thank you,
Oktawian

Oktawian Powązka, L3 Support
IBM License Metric Tool

Original Message:
Sent: Mon March 25, 2024 02:47 PM
From: Sudhir Kakarla
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar

Hi,

I am seeing this vulnerability jar file C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar on ILMT server. Can we directly delete this file from the folder or how can we fix this. We are using ILMT version 9.2.33.0 and Bigfix version is 11.0.0.175.

Thank you,

------------------------------
Sudhir Kakarla
------------------------------