Check for JAR Files (possibly) affected by CVE-2021-44228

This Server Configuration Monitor script will check for JAR files on all drives and see if they make reference to the JndiLookup class.  Currently, this profile will not dig further than just checking if the files exist.  In other words, it does not check the version to see if it's an affected version.

Later versions may include additional updates.

Anonymous
  • is there a way to implement this without SCM? We are not running SCM and are also in need of a solution to find these JAR files

  • Remember, to install a SCM Profile, you must be logged into your instance as a User with SCM Admin access.  If you go to Settings > All Settings > Server Configuration Manager Settings and get a 404 error, go to User Management, edit the account you are trying to use and scroll to the bottom and expand the "Server Configuration Monitor Settings.  Change the "SCM User Role" from User to Admin.  Save the changes and then go back to the SCM settings.  Click on the "Profile" tab and upload the profile you just downloaded from this article.