Splunk® User Behavior Analytics

Release Notes

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Log4j in Splunk UBA 5.3.0

In Splunk UBA version 5.3.0, all Log4j related jars in the OS packages have either been removed or replaced by Reload4j besides the following.

The following packages have been patched to remove vulnerable classes:

  1. Log4j 1.2.x in /var/vcap/store/docker/aufs/diff/<Image Layer ID>/usr/lib/impala/lib/:
    • org/apache/log4j/net/SocketAppender.class: CVE-2019-17571
    • org/apache/log4j/net/SocketServer.class: CVE-2019-17571
    • org/apache/log4j/net/SMTPAppender$1.class: CVE-2020-9488
    • org/apache/log4j/net/SMTPAppender.class: CVE-2020-9488
    • org/apache/log4j/net/JMSAppender.class: CVE-2021-4104
    • org/apache/log4j/net/JDBCAppender.class: CVE-2022-23305
    • org/apache/log4j/chainsaw/*.class: CVE-2022-23307

    This can also be safely resolved by removing the /var/vcap/store/docker/aufs/diff/ directory, as mentioned in the Known issue UBA-17734.

  2. Log4j 2.x in the Hive OS library /usr/lib/hive/lib:
    • org/apache/logging/log4j/core/lookup/JndiLookup.class: CVE-2021-44228
  3. Non-core Log4j files which do not contain critical or high vulnerabilities.
Last modified on 06 October, 2023
Fixed issues in Splunk UBA   Getting help with Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.3.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters