This update was based on the initial response from Apache. We have now posted a new article with the necessary steps to protect your ADManager Plus instance. Click here
to view our latest update about this vulnerability.
We have now released a new build, 7122, which includes the precautionary measures to protect against vulnerabilities CVE-2021-44228, CVE-2021-45046. Click here for 7122 service pack and build download links.
We wanted to let you know about the recent Apache Log4j zero day RCE vulnerability. ADManager Plus uses Log4j version 2.11.1 bundled with a dependency. Our security experts are analyzing the issue and as of now, we have no conclusive evidence of our product being affected by it.
Precautionary steps to take against this vulnerability
We strongly recommend all our customers to follow the below steps as soon as possible, to protect their ADManager Plus instance against this vulnerability:
Step 1: Stop ADManager Plus.
Step 2: Navigate to <Installation folder>\ADManager Plus\ES\config and take backup of jvm.options
Step 3: Edit the jvm.options and add the following as displayed in the image and save the file
Step 7: Start ADManager Plus
If you need any additional information or assistance in performing the recommended steps, please write to us at firstname.lastname@example.org
. You can also call us at +1-844-245-1108 (toll-free).
Team ADManager Plus