Critical Security Vulnerability CVE-2018-1285 for log4net on SupportabilityTools\HealthAssistant

Critical Security Vulnerability CVE-2018-1285 for log4net on SupportabilityTools\HealthAssistant

book

Article ID: CTX554967

calendar_today

Updated On:

Description

Critical Security Vulnerability CVE-2018-1285 for log4net is flagged on VDA during vulnerability scan.
The log4net.dll is stored following folder: "C:\Program Files\Citrix\SupportabilityTools\HealthAssistant\"
 

Resolution

Citrix SupportabilityTools \ HealthAssistant are to be considered deprecated and uninstalled.
This requires the following steps:
  1. Uninstalling the VDA
  2. Reinstalling with the Supportability tools option left unticked.
Customers are advised to install Citrix Scout going forward as an alternative to Citrix Health Assistant 
Powered by Wolken Software