This post was updated on 17/12/2021.
Dear Folks,
Three high-severity vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) impacting the Log4j utility were disclosed recently. We have found no evidence of any successful exploitation in EventLog Analyzer as of now. However, we strongly recommend that all our customers follow the steps below to protect EventLog Analyzer from these vulnerabilities.
Follow the workaround steps below to protect your EventLog Analyzer installation from the Log4j vulnerabilities. We will be replacing log4j-core-2.9.1.jar with the latest version of the jar, which does not contain the vulnerabilities.
Note: If you are using an EventLog Analyzer version below 12146, we strongly recommend that you upgrade to the latest build to protect your installation from the Log4j vulnerabilities.
1. Download and unzip the jar files from the link below:
https://downloads.zohocorp.com/dnd/EventLog_Analyzer_Support/msCzUJGksaD1m3P/log4j-2.17.0.zip
2. Stop the EventLog Analyzer service.
3. Stop the Log360 service if it is running (skip if it is not installed).
4. Open a command prompt in admin mode. Navigate to <Installation dir>/Eventlog Analyzer/ES/bin and run the stopES.bat file.
Then navigate to <Installation dir>/elasticsearch/ES/bin and run the stopES.bat file (skip if this location does not exist).
5. Move the downloaded jar files to the following folders:
<Installation dir>/Eventlog Analyzer/ES/lib
<Installation dir>/elasticsearch/ES/lib (skip if location does not exist)
6. Delete the following files from <Eventlog Analyzer>/ES/lib and <Installation dir>/elasticsearch/ES/lib (skip if this location does not exist).
log4j-1.2-api-2.9.1.jar (or) log4j-1.2-api-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar
log4j-api-2.9.1.jar (or) log4j-api-2.15.0.jar (or) log4j-api-2.16.0.jar
log4j-core-2.9.1.jar (or) log4j-core-2.15.0.jar (or) log4j-core-2.16.0.jar
7. Start the Log360 service (skip if it is not installed).
8. Start the EventLog Analyzer service.
Best,
EventLog Analyzer Team
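
A check to run after steps 5 and 6, as an added example that is not part of the original advisory or of ManageEngine's tooling: it lists the log4j jars in an ES/lib folder and flags any below 2.17.0. The function names are hypothetical, the demo jars are constructed, and reading Implementation-Version from the jar manifest is an assumption about how the jars are labelled (the file name is used when the manifest cannot be read).

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (2, 17, 0)  # version in the advisory's log4j-2.17.0.zip
# The three artifacts the advisory lists for deletion, at any version.
JAR_RE = re.compile(r"^log4j-(?:1\.2-api|api|core)-(\d+(?:\.\d+)*)\.jar$", re.I)

def to_tuple(version):
    return tuple(int(part) for part in version.split("."))

def manifest_version(jar_path):
    """Implementation-Version from the jar manifest, or None if unreadable."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return None
    found = re.search(r"^Implementation-Version:\s*(\d+(?:\.\d+)*)", text, re.M)
    return found.group(1) if found else None

def audit_lib_dir(lib_dir):
    """Return (stale, current) jar names, or None when the folder is absent."""
    lib = Path(lib_dir)
    if not lib.is_dir():
        return None  # the advisory says to skip locations that do not exist
    stale, current = [], []
    for jar in sorted(lib.iterdir()):
        named = JAR_RE.match(jar.name)
        if not named:
            continue
        # Prefer the manifest so an old jar that was renamed is still caught.
        version = manifest_version(jar) or named.group(1)
        (stale if to_tuple(version) < FIXED else current).append(jar.name)
    return stale, current

def make_jar(path, version):
    """Write a minimal constructed jar (manifest only) for the demo."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample, not a real install
        make_jar(Path(tmp, "log4j-core-2.17.0.jar"), "2.17.0")
        make_jar(Path(tmp, "log4j-api-2.17.0.jar"), "2.9.1")  # old jar, renamed
        make_jar(Path(tmp, "log4j-1.2-api-2.16.0.jar"), "2.16.0")
        print(audit_lib_dir(tmp))
        print(audit_lib_dir(Path(tmp, "elasticsearch", "ES", "lib")))
```

On a real installation, pass each ES/lib path from step 5 to `audit_lib_dir`; an empty first list means no pre-2.17.0 log4j jars remain in that folder.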