IBM Support

ITCAM for SOA - considerations for log4j

News


Abstract

Statement on the impact of log4j on ITCAM for SOA

Content

ITCAM for SOA L3/Development completed a review and found that despite the existence of "log4j" files in the IBM Tivoli Monitoring directory structure, supported versions of ITCAM for SOA are not impacted by any log4j related CVEs because the files are not actively used.
  •  
  • IBM Tivoli Monitoring
Some information on the impact of log4j in ITCAM for SOA
Q: Where you might find log4j on IBM Tivoli Monitoring Server?
A: ITCAM for SOA Portal Server support files
On IBM Tivoli Monitoring server on Linux/Unix
lx8266/cq/Products/KD4/latest/tcore/lib/log4j.jar
lx8266/cq/Products/KD4/latest/tcore/j2ee/oal-j2c.rar
On IBM Tivoli Monitoring server on Windows
CNPS\Products\KD4\latest\tcore\lib\log4j.jar
CNPS\Products\KD4\latest\tcore\lib\oal-j2c.rar
Q: What's the log4j impact of those files?
A: No log4j impact.

Those jars were from Tivoli Application Dependency Discovery Manager.

"TCORE which is an embedded version of the same component used in Tivoli Application Dependency Discovery Manager (TADDM) and Tivoli Change and Configuration Management Database (CCMDB).  As of 7.1.1, ITCAM for SOA is the only product to ship it."

And the Tivoli Application Dependency Discovery Manager and Tivoli Change and Configuration Management Database version that SOA support were end-of -support now. So this should be one un-supported scenario.

Change and Configuration Management Database version 7.1 (End of support date: 2013-09-30)

Tivoli Application Dependency Discovery Manager version 7.2 and later fix packs (End of support date: 2019-09-30)

Even TADDM and CCMDB are being used, the log4j are not being used. But we do suggest not using those since they are EOSed now.

Q: Can those files be removed?
A: Yes, those files can be removed manually.

[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3PHK","label":"Tivoli Composite Application Manager for SOA"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
04 February 2022

UID

ibm16553870

Page Feedback