How to rectify log4j files found in MATLAB 2018B?
I found a few instances of log4j within C:\Program Files\MATLAB or C:\Program Files (x86). How do I rectify them? They are throwing critical findings on my Nessus scans. Thank you.
John
Answers (1)
Abhishek Krishna
on 7 Jul 2023
Hi,
log4j may be used by various applications, so it's recommended to check if any other applications on your system are also using log4j and update them accordingly.
Below are the additional points you can consider to rectify the issue:
1. Identify the log4j version: Determine the specific version of log4j that is present in those directories. This is important because log4j versions prior to 2.15.0 are vulnerable to the recent log4j vulnerability (CVE-2021-44228).
2. Update or patch log4j: If the log4j version you found is vulnerable, you need to update or patch it to a secure version. As of now, the latest secure version is 2.17.0.
3. Replace the vulnerable log4j files: Once you have the updated log4j version, replace the vulnerable log4j files in the directories C:\Program Files\MATLAB or C:\Program Files (x86) with the new version. Make sure to take a backup of the existing files before replacing them.
4. Restart affected applications: After replacing the log4j files, restart any applications that rely on log4j for logging. This ensures that the updated version is being used.
5. Re-scan with Nessus: Once you have completed the above steps, run another scan with Nessus to confirm that the log4j vulnerabilities are no longer detected.
I hope this helps!
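
An added example, not part of the original answer and not MathWorks code: a PowerShell inventory for step 1 that finds log4j JARs under the two directories from the question, reads each version from the JAR manifest (falling back to the file name), and compares it with the 2.15.0 threshold the answer cites. The function name `Get-Log4jJarInfo`, the check for log4j-core's `JndiLookup.class`, and the SHA-256 column (useful for matching backups against replaced files) are assumptions of this example.

```powershell
Add-Type -AssemblyName System.IO.Compression.FileSystem

$roots     = 'C:\Program Files\MATLAB', 'C:\Program Files (x86)'  # directories named in the question
$threshold = [version]'2.15.0'                                     # version named in the answer
$jndiClass = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'

function Get-Log4jJarInfo {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    $zip = $null
    try {
        $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
        $raw = $null
        # Prefer the version recorded in the JAR manifest.
        $manifest = $zip.GetEntry('META-INF/MANIFEST.MF')
        if ($manifest) {
            $reader = New-Object System.IO.StreamReader($manifest.Open())
            $text = $reader.ReadToEnd()
            $reader.Dispose()
            if ($text -match '(?m)^(?:Implementation|Bundle)-Version:\s*(\S+)') { $raw = $Matches[1] }
        }
        # Fall back to a version embedded in the file name, e.g. log4j-core-<version>.jar.
        if (-not $raw -and (Split-Path $Path -Leaf) -match '-(\d+(?:\.\d+)+\S*)\.jar$') { $raw = $Matches[1] }
        # Compare on the numeric prefix only, so suffixes such as "-beta9" do not break parsing.
        $parsed = $null
        if ($raw -match '^\d+(\.\d+){1,3}') { $parsed = [version]$Matches[0] }
        [pscustomobject]@{
            Path           = $Path
            Version        = $raw
            BelowThreshold = if ($parsed) { $parsed -lt $threshold } else { $null }
            HasJndiLookup  = [bool]$zip.GetEntry($jndiClass)
            SHA256         = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        }
    }
    catch   { Write-Warning "Could not inspect ${Path}: $($_.Exception.Message)" }
    finally { if ($zip) { $zip.Dispose() } }
}

# Read-only scan: nothing is modified, and unreadable folders are skipped.
Get-ChildItem -Path $roots -Recurse -File -Filter 'log4j*.jar' -ErrorAction SilentlyContinue |
    ForEach-Object { Get-Log4jJarInfo -Path $_.FullName } |
    Format-List
```

Running it again after step 4 and comparing the output with the first run shows which files actually changed before the Nessus re-scan in step 5.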