Steps to protect Cloud Security Plus from Log4j vulnerabilities (CVE-2021-45046, CVE-2021-44228, and CVE-2021-45105)


This post has been updated on 20/12/2021.

 

Dear users,

 

Three high-severity vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) impacting multiple versions of the Apache Log4j utility were disclosed recently. We have found no evidence of any successful exploitation in Cloud Security Plus as of now. However, the affected Log4j version is used in Cloud Security Plus as a bundled dependency, so we strongly recommend that all our customers follow the steps below to protect Cloud Security Plus from these vulnerabilities.

 

Note: This procedure applies to the vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) irrespective of Cloud Security Plus's current build number.

 

1. Stop the Cloud Security Plus Service.

 

2. Open a command prompt in admin mode. Navigate to <Cloud Security Plus installation folder>\ES\bin and run the stopES.bat file.

 

3. Navigate to <Cloud Security Plus installation folder>\ES\lib, take a backup of the following files, and move them to a different folder outside the product installation path:

log4j-1.2-api-2.9.1.jar (or) log4j-1.2-api-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar

log4j-api-2.9.1.jar (or) log4j-api-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar

log4j-core-2.9.1.jar (or) log4j-core-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar

 

4. Download and unzip the JAR files from the link below:

 

https://downloads.zohocorp.com/dnd/EventLog_Analyzer_Support/msCzUJGksaD1m3P/log4j-2.17.0.zip

 

5. Copy the downloaded JAR files to <Cloud Security Plus installation folder>\ES\lib.


6. Delete the following files from <Cloud Security Plus installation folder>\ES\lib (if they exist):

log4j-1.2-api-2.9.1.jar (or) log4j-1.2-api-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar

log4j-api-2.9.1.jar (or) log4j-api-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar

log4j-core-2.9.1.jar (or) log4j-core-2.15.0.jar (or) log4j-1.2-api-2.16.0.jar

 

7. Start the ManageEngine Cloud Security Plus service.

 

Best,

Cloud Security Plus.
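
The script below is an added example, not part of the original post or ManageEngine's tooling: it carries out steps 3, 5 and 6 and then verifies the result before the service is started in step 7. It assumes steps 1 and 2 are done and the ZIP from step 4 is already unzipped. The parameter names are hypothetical, and it goes slightly beyond the listed file names by matching the three Log4j artifacts (log4j-1.2-api, log4j-api, log4j-core) at any version.

```powershell
# Added example. All three paths are supplied by the operator (assumptions, not vendor values).
param(
    [Parameter(Mandatory)] [string] $InstallDir,  # <Cloud Security Plus installation folder>
    [Parameter(Mandatory)] [string] $NewJarDir,   # folder where log4j-2.17.0.zip was unzipped (step 4)
    [Parameter(Mandatory)] [string] $BackupDir    # backup target, must be outside $InstallDir
)
$ErrorActionPreference = 'Stop'

# The three Log4j artifacts named in steps 3 and 6, at any version.
$pattern = '^log4j-(1\.2-api|api|core)-\d+(\.\d+)*\.jar$'

$lib     = Join-Path $InstallDir 'ES\lib'
$install = (Resolve-Path $InstallDir).Path.TrimEnd('\')
$newJars = @(Get-ChildItem -Path $NewJarDir -Filter '*.jar' -File)
if ($newJars.Count -eq 0) { throw "No .jar files found in $NewJarDir" }

# Step 3 requires the backup to live outside the product installation path.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = (Resolve-Path $BackupDir).Path.TrimEnd('\')
if ("$backup\".StartsWith("$install\", [StringComparison]::OrdinalIgnoreCase)) {
    throw "Backup folder $backup is inside the installation path"
}

# Steps 3 and 6: moving the old jars backs them up and removes them from ES\lib.
$old = @(Get-ChildItem -Path $lib -Filter 'log4j-*.jar' -File |
    Where-Object { $_.Name -match $pattern -and $newJars.Name -notcontains $_.Name })
foreach ($jar in $old) {
    Move-Item -Path $jar.FullName -Destination $backup
    Write-Host "Moved $($jar.Name) to $backup"
}

# Step 5: copy the downloaded jars into ES\lib.
$newJars | Copy-Item -Destination $lib -Force

# Verification: each copied jar must hash the same as the downloaded file...
foreach ($jar in $newJars) {
    $copy = Join-Path $lib $jar.Name
    if ((Get-FileHash $copy -Algorithm SHA256).Hash -ne (Get-FileHash $jar.FullName -Algorithm SHA256).Hash) {
        throw "$($jar.Name) in ES\lib differs from the downloaded file"
    }
}
# ...and no other version of the three artifacts may remain next to them.
$left = @(Get-ChildItem -Path $lib -Filter 'log4j-*.jar' -File |
    Where-Object { $_.Name -match $pattern -and $newJars.Name -notcontains $_.Name })
if ($left.Count -gt 0) { throw "Old Log4j jars still in ES\lib: $($left.Name -join ', ')" }
Write-Host "ES\lib Log4j jars replaced: $($newJars.Name -join ', ')"
```

Run it from the admin command prompt opened in step 2; if it throws, resolve the reported file before starting the service.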