NetWorker: Server File Identified as Affected by the Apache Log4j 1.x Vulnerabilities-False Positive
Summary: A Security Vulnerability Scanner detects the "/nsr/authc/webapps/ebr-server.war" server file may contain the Apache Log4j Security Vulnerability in a NetWorker 19.6.0 Datazone.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
A Security Vulnerability Scanner detects the server file "/nsr/authc/webapps/ebr-server.war" may contain the Apache Log4j Security Vulnerability in a NetWorker 19.6.0 Datazone.
Cause
The NetWorker Datazone was upgraded from a previous NetWorker release (such as 19.3.0.0), which used the ebr-server.war server file. A new deployment of NetWorker 19.6.0.0 or later does not include the ebr-server.war server file.
The NetWorker server upgrade does not remove remnant files from the /nsr/authc/webapps. This is expected to be addressed in a future NetWorker release.
The NetWorker server upgrade does not remove remnant files from the /nsr/authc/webapps. This is expected to be addressed in a future NetWorker release.
Resolution
NetWorker 19.6.0.0 and later installation does not require "/nsr/authc/webapps/ebr-server.war" file. This file can be removed from the server.
Copy the file off the server or remove it with the command:
Copy the file off the server or remove it with the command:
rm -rf /nsr/authc/webapps/ebr-server.war
Additional Information
Apache Log4j Security Vulnerability does not affect the "/nsr/authc/webapps/ebr-server.war" file as per Dell article 182335.
Article Properties
Article Number: 000200967
Article Type: Solution
Last Modified: 14 Jun 2023
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.