Hi,
I upgraded to the latest WebSphere version 9.5.0.10 + iFix PH42762 to solve Log4J vulnerabilities in WebSphere.
The problem is, that a scan by security team found older Log4J versions residing on these paths:
(WebSphereInstallPath) \WebSphere\AppServer\properties\patches\backup\9.0.5.3-WS-WASProd-IFPH42728\installableApps\kc.war
and
(WebSphereInstallPath) \ WebSphere\AppServer\properties\patches\backup\9.0.5.3-WS-WASProd-IFPH42728\systemApps\isclite.ear\kc.war\WEB-INF\lib\log4j-core-2.8.2.jar
I thought that selecting the option to delete the 'files to Rollback' on IBM Installation Manager would clean these files but didn't worked.
Is it safe to delete all the contents of this path?
(WebSphereInstallPath) \ WebSphere\AppServer\properties\patches\backup