Hi,
cant find anything on this topic, altough it should be here:
The License Server is effected correct? Any mitigations done?
2 Likes
Additionally:
Log4j Java Vulnerability (CVE-2021-44228) for Legacy vGPU Software License Server (nvidia.com)
You’ll also need to follow their instructions to remove the JNDILookup class in the following files.
C:\NVIDIA\LicenseServer\Tomcat\webapps\licserver.war
C:\NVIDIA\LicenseServer\ui\licserver.war
Any information on where I can find docs for removal of the JNDILookup class from licserver.war files?
Log4j Java Vulnerabilities for Legacy vGPU Software License Server (nvidia.com)
From the article -
Note: Mitigation steps are updated on Dec 23rd, 2021 to address recently reported new CVE-2021-45105, so if you used the previous mitigation steps (deleting JndiLookup class), it does not address CVE-2021-45105.
Hi,
I have already follow ESPCommunity
upgrade the log4j to 2.17.1
But whenI use log4shell tool (Release v1.0.0-log4shell · lunasec-io/lunasec · GitHub)to check log4j,the result shows that the path argument in /opt/flexnetls/nvidia/
still include log4j 2.14
I have already search my license server, there is no log4j-core-2.14.0.jar
Is this path still work?or in which way I can fix this?
thanks for the help.