Update regarding the Apache Log4j vulnerability

Hi, 
Note: This update was based on the initial response from Apache. We have now posted a new article with the necessary steps to protect your ADManager Plus instance. Click here to view our latest update about this vulnerability.
We have now released a new build, 7122, which includes the precautionary measures to protect against vulnerabilities CVE-2021-44228 and CVE-2021-45046. Click here for 7122 service pack and build download links.

We wanted to let you know about the recent Apache Log4j zero-day RCE vulnerability. ADManager Plus uses Log4j version 2.11.1 bundled with a dependency. Our security experts are analyzing the issue and, as of now, we have no conclusive evidence of our product being affected by it.

Precautionary steps to take against this vulnerability 

We strongly recommend that all our customers follow the steps below as soon as possible to protect their ADManager Plus instance against this vulnerability:

Step 1: Stop ADManager Plus.
Step 2: Navigate to <Installation folder>\ADManager Plus\ES\config and take a backup of jvm.options.
Step 3: Edit jvm.options, add the following line, and save the file:
-Dlog4j2.formatMsgNoLookups=true


Step 4: Navigate to <Installation folder>\ADManager Plus\bin
Step 5: Take a backup of wrapper_additional.conf.
Step 6: Edit wrapper_additional.conf, add the following line, and save the file:
-Dlog4j2.formatMsgNoLookups=true

Step 7: Start ADManager Plus
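
To confirm that steps 2 to 6 took effect, the following read-only PowerShell check reports whether the flag is active in both files. It is an added example, not a ManageEngine script; the function name Test-Log4jFlag, the -InstallRoot parameter and the backup naming it looks for are assumptions.

```powershell
# Added example: read-only check of steps 2-6. Save as a .ps1 file and run it on the server.
# -InstallRoot is your <Installation folder>; the value is site-specific.
param([Parameter(Mandatory = $true)][string]$InstallRoot)

$flag = '-Dlog4j2.formatMsgNoLookups=true'
$base = Join-Path $InstallRoot 'ADManager Plus'
$targets = @(
    (Join-Path $base 'ES\config\jvm.options'),
    (Join-Path $base 'bin\wrapper_additional.conf')
)

function Test-Log4jFlag {
    param([string]$Path, [string]$Flag)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ File = $Path; Status = 'FILE NOT FOUND'; Backups = 0 }
    }

    # Ignore '#' comment lines: a commented-out flag is never passed to the JVM.
    $live = @(Get-Content -LiteralPath $Path | Where-Object { $_ -notmatch '^\s*#' })
    $set  = @($live | Where-Object { $_.Contains($Flag) })
    # The same property set to false elsewhere in the file conflicts with the fix.
    $off  = @($live | Where-Object { $_ -match 'log4j2\.formatMsgNoLookups\s*=\s*false' })

    # Assumption: the backup from steps 2 and 5 sits beside the original and
    # starts with the same file name (for example jvm.options.bak).
    $leaf = Split-Path -Path $Path -Leaf
    $backups = @(Get-ChildItem -LiteralPath (Split-Path -Path $Path -Parent) -File |
        Where-Object { $_.Name -like "$leaf*" -and $_.Name -ne $leaf })

    $status = 'FLAG NOT SET'
    if ($set.Count -gt 0) { $status = 'OK' }
    if ($off.Count -gt 0) { $status = 'CONFLICT (set to false)' }

    [pscustomobject]@{ File = $Path; Status = $status; Backups = $backups.Count }
}

$results = $targets | ForEach-Object { Test-Log4jFlag -Path $_ -Flag $flag }
$results | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a scheduled or remote run flag servers that still need the change.
if (@($results | Where-Object { $_.Status -ne 'OK' }).Count -gt 0) { exit 1 }
```

A Backups count of 0 only means no copy was found under the assumed naming; it does not affect the Status column.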

If you need any additional information or assistance in performing the recommended steps, please write to us at support@admanagerplus.com. You can also call us at +1-844-245-1108 (toll-free).

Cheers,
Team ADManager Plus
Toll-Free: +1-844-245-1108