Precautionary steps to protect Log360 UEBA from Log4j vulnerabilities CVE-2021-45046, CVE-2021-44228, CVE-2021-45105, and CVE-2021-44832

Precautionary steps to protect Log360 UEBA from Log4j vulnerabilities CVE-2021-45046, CVE-2021-44228, CVE-2021-45105, and CVE-2021-44832

In Log360 UEBA , the affected log4j version is used in the bundled dependency. Our security experts are analyzing the issue and as of now, we have no conclusive evidence of our product being affected by it. However, we strongly recommend all our customers to follow the below steps as a precautionary measure.
  1. Stop Log360 UEBA service.

  2. Navigate to <Log360 UEBA installation folder>\ES|lib where <Log360 UEBA installation folder> is the location where Log360 UEBA is installed in your machine.

  3. Take a backup of the files log4j-1.2-api-2.9.1.jar, log4j-api-2.9.1.jar, and log4j-core-2.9.1.jar, and move them to a different folder other than the Log360 UEBA installation folder.

  4. Navigate to <Log360 UEBA installation folder>\lib, take a backup of the file log4j-1.2.15, and move it to a different folder other than the Log360 UEBA installation folder. [Note : This file will be present only from version 4031 to version 4033]

  5. Download the files in this link, extract the contents of the .zip file, and place them in the <Log360 UEBA installation folder>\ES\lib folder.

  6. Start Log360 UEBA service.

Note: As per the latest update from Apache, there is no need to perform the previous workarounds (modifying jvm.options file and wrapper.conf files). Apache has released a .jar file which can mitigate against this vulnerability. 


                  New to ADSelfService Plus?