Original Message:
Sent: Mon April 01, 2024 10:57 AM
From: Sudhir Kakarla
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar
Hi Oktawian,
Thank you for the responce.
What about the temadb. I guess it should be on local host where ILMT Service is running right?
to run the temadb on local host do we require Mysql on that server.
Thanks,
Sudhir
------------------------------
Sudhir Kakarla
Original Message:
Sent: Wed March 27, 2024 03:15 AM
From: Oktawian Powązka
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar
Hello Sudhir,
Mysql server is neither used by ILMT nor Bigfix.
------------------------------
Thank you,
Oktawian
Oktawian Powązka, L3 Support
IBM License Metric Tool
Original Message:
Sent: Tue March 26, 2024 01:05 PM
From: Sudhir Kakarla
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar
Thank you Oktawian!
I just updated the cumulative update on sql server fixed the log4j.
Below link has cumulative pack details:
https://learn.microsoft.com/en-us/troubleshoot/sql/releases/sqlserver-2019/cumulativeupdate16#how-to-obtain-or-download-this-or-the-latest-cumulative-update-package
Also do you know if we require mysql server running on the ILMT App server? Because we already have separate database servers where the ILMT DB is connected to.
Thanks,
Sudhir
------------------------------
Sudhir Kakarla
Original Message:
Sent: Tue March 26, 2024 04:02 AM
From: Oktawian Powązka
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar
Hello Sudhir,
This log4j library is not used by ILMT or Bigfix.
I guess that it's a part of Java support for SQL server (also not used by ILMT or Bigfix).
The best course of action to fix this is to install some latest SQL Server Update (or fix pack) for the SQL Server version you are using.
Microsoft has addressed all log4j issues long time ago...
------------------------------
Thank you,
Oktawian
Oktawian Powązka, L3 Support
IBM License Metric Tool
Original Message:
Sent: Mon March 25, 2024 02:47 PM
From: Sudhir Kakarla
Subject: Vulnerability on ILMT server C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar
Hi,
I am seeing this vulnerability jar file C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar on ILMT server. Can we directly delete this file from the folder or how can we fix this. We are using ILMT version 9.2.33.0 and Bigfix version is 11.0.0.175.
Thank you,
------------------------------
Sudhir Kakarla
------------------------------