With the release of a POC for the Apache Log4j2 CV can we confirm Data Insight is or is not affected?
What effect will setting 'MsgNoLookups' or disabling 'trustURLCodebase' have on DI's operations and logging?
I understand this is being looked at now (along with other impacted Veritas products) and a technote or article will be produced shortly with any mitigation steps required.
And no I don't know how soon this will be.
DataInsight has released the patch for Log4j vulnerability for CVE 2021-44228 and CVE-2021-45046. The detailed KB article for the same is https://www.veritas.com/content/support/en_US/article.100052067.html . The DataInsight team will continue to assess the newly announced CVE 2021-45105 in Log4j for released DI versions.
Any feedback on the 2.17.1 patch version?
What is the risk of removing the SYMHELP folder from all nodes other than the MS or SSP where it may actually be called?
I guess we need to understand what the DI app uses it for.