12-13-2021 07:17 AM
With the release of a POC for the Apache Log4j2 CV can we confirm Data Insight is or is not affected?
Mitre - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228,==
What effect will setting 'MsgNoLookups' or disabling 'trustURLCodebase' have on DI's operations and logging?
12-13-2021 12:51 PM
I understand this is being looked at now (along with other impacted Veritas products) and a technote or article will be produced shortly with any mitigation steps required.
And no I don't know how soon this will be.
12-13-2021 12:56 PM
No one does David.
The POC was released over the weekend and scans are progressing.
We have reached out to the Support team as well thanks.
12-13-2021 01:26 PM
We have updated the Knowledge Base regarding this vulnerability
12-18-2021 12:34 PM
DataInsight has released the patch for Log4j vulnerability for CVE 2021-44228 and CVE-2021-45046. The detailed KB article for the same is https://www.veritas.com/content/support/en_US/article.100052067.html . The DataInsight team will continue to assess the newly announced CVE 2021-45105 in Log4j for released DI versions.
01-03-2022 07:17 AM
Any feedback on the 2.17.1 patch version?
What is the risk of removing the SYMHELP folder from all nodes other than the MS or SSP where it may actually be called?
I guess we need to understand what the DI app uses it for.
01-04-2022 07:06 AM