https://community.splunk.com/t5/Security/Regarding-Log4j/m-p/579168#M15794 <P>Hello everyone,&nbsp;<BR /><BR />So according to the Splunk blog:&nbsp;<A href="https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html" target="_blank" rel="noopener">Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) | Splunk</A>&nbsp;it says that the affected versions are: "<SPAN>All supported non-Windows versions of 8.1.x and 8.2.x&nbsp;</SPAN><STRONG>only if<SPAN>&nbsp;</SPAN></STRONG><SPAN>DFS is used.&nbsp;"&nbsp;</SPAN></P><P><SPAN>I'm using Splunk Enterprise Search Head &amp; Indexer with version 7.3.1 and I can see various log4j-1.2.17.jar files under location "/bin/jars/vendors/spark/2.3.0/lib/", "/etc/apps/splunk_app_db_connect/bin/lib/",&nbsp;/etc/apps/splunk_archiver/java-bin/jars/vendors/spark/ and etc.&nbsp;<BR /><BR />Also, I am attaching the result I received from a search query to determine if DFS is enabled on my Splunk servers.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dfs_splunk.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/17334i694A5CD058063E61/image-size/large?v=v2&amp;px=999" role="button" title="dfs_splunk.png" alt="dfs_splunk.png" /></span><BR />Should I be concerned about this vulnerability?&nbsp;<BR />Also to remediate, do I just need to replace this&nbsp;log4j-1.2.17.jar with the latest files directly in the respective directories or do I need to make any changes in the conf files as well?&nbsp;<BR /><BR />Any help will be appreciated.&nbsp;<BR /><BR />Thank you!</SPAN></P><P>&nbsp;</P> Thu, 23 Dec 2021 09:22:18 GMT abhi04d 2021-12-23T09:22:18Z https://community.splunk.com/t5/Security/Regarding-Log4j/m-p/579168#M15794 <P>Hello everyone,&nbsp;<BR /><BR />So according to the Splunk blog:&nbsp;<A href="https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html" target="_blank" rel="noopener">Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) | Splunk</A>&nbsp;it says that the affected versions are: "<SPAN>All supported non-Windows versions of 8.1.x and 8.2.x&nbsp;</SPAN><STRONG>only if<SPAN>&nbsp;</SPAN></STRONG><SPAN>DFS is used.&nbsp;"&nbsp;</SPAN></P><P><SPAN>I'm using Splunk Enterprise Search Head &amp; Indexer with version 7.3.1 and I can see various log4j-1.2.17.jar files under location "/bin/jars/vendors/spark/2.3.0/lib/", "/etc/apps/splunk_app_db_connect/bin/lib/",&nbsp;/etc/apps/splunk_archiver/java-bin/jars/vendors/spark/ and etc.&nbsp;<BR /><BR />Also, I am attaching the result I received from a search query to determine if DFS is enabled on my Splunk servers.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dfs_splunk.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/17334i694A5CD058063E61/image-size/large?v=v2&amp;px=999" role="button" title="dfs_splunk.png" alt="dfs_splunk.png" /></span><BR />Should I be concerned about this vulnerability?&nbsp;<BR />Also to remediate, do I just need to replace this&nbsp;log4j-1.2.17.jar with the latest files directly in the respective directories or do I need to make any changes in the conf files as well?&nbsp;<BR /><BR />Any help will be appreciated.&nbsp;<BR /><BR />Thank you!</SPAN></P><P>&nbsp;</P> Thu, 23 Dec 2021 09:22:18 GMT https://community.splunk.com/t5/Security/Regarding-Log4j/m-p/579168#M15794 abhi04d 2021-12-23T09:22:18Z https://community.splunk.com/t5/Security/Regarding-Log4j/m-p/579181#M15795 <P>Since you're running an unsupported version of Splunk, the guidance in the blog doesn't apply.&nbsp; We can make some reasonable conclusions from it, however.</P><P>You're not using DFS so you should be safe.</P><P>To be "safer", follow the remediation instructions and remove the vulnerable jar files.</P><P>The instructions say nothing about changing config files so no changes are necessary.</P><P>To be "safest", upgrade to a version of Splunk that fixes the vulnerability.</P> Thu, 23 Dec 2021 13:16:26 GMT https://community.splunk.com/t5/Security/Regarding-Log4j/m-p/579181#M15795 richgalloway 2021-12-23T13:16:26Z