Apache Log4j (CVE-2021-44228)


Dear Valued Customer:

A new remote code execution (RCE) vulnerability (CVE-2021-44228, CVSS score 10.0), dubbed LogJam/Log4Shell, hit the internet on Friday, December 10th, 2021, and it has security professionals extremely concerned, and for good reason.

The vulnerable code is part of the Apache logging framework, an open-source framework used by developers for logging purposes. The source of the vulnerability, Log4j, is a Java library within the framework that is used to collect activity. Recent reports indicate the exploit may have started as early as December 1st, but there was no evidence of mass exploitation until the vulnerability went public. Currently, the only affected SecureKi product is ORISS.

 


SecureKi didn't use Apache Log4j for web schema versions 5 and 6, so it is safe to remove it from the server.

 


 
Refer to the steps below to remove the log4j-related jar files from the APPM.

Step 1: Back up the files with tar/zip before deleting
1. Log in as root
2. mkdir /home/appm/tmp/Backup_log4j
3. cd /home/appm/tmp/Backup_log4j
4. chown appm:root /home/appm/tmp/Backup_log4j
5. find / -type f -name '*.jar*' | grep 'log4j'
6. tar -cvzBpf backup.tar.gz `find / -type f -name '*.jar*' | grep 'log4j'`
7. chown appm:root /home/appm/tmp/Backup_log4j/backup.tar.gz

Step 2: Copy out the tar file to pc (via filezilla/winscp)

Step 3: Remove the log4j jar files using the commands below
1. rm -rf *log4j* `find / -type f -name '*.jar*' | grep 'log4j'`
2. find / -type f -name '*.jar*' | grep 'log4j'
Expected output: -
Enter the command below and ensure that no log4j library files remain in the APPM.
3. find / -type f -name '*.jar*' | grep 'log4j'
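A stricter form of Steps 1 and 3, as an added example that is not SecureKi's own script: it passes file names NUL-delimited so paths containing spaces are backed up and removed intact, and it refuses to delete anything until the archive lists every matching jar. The function names are hypothetical, and GNU find, tar and xargs are assumed; like the commands above, it matches "log4j" anywhere in the path.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are assumptions.

# List jar files whose path contains "log4j", NUL-delimited so that
# paths with spaces survive the pipeline intact.
list_log4j_jars() {      # $1 = directory to search (the page uses /)
    find "$1" -type f -name '*.jar*' -path '*log4j*' -print0
}

# Count the matches by counting the NUL terminators.
count_log4j_jars() {     # $1 = directory to search
    list_log4j_jars "$1" | tr -cd '\0' | wc -c | tr -d ' '
}

# Step 1: archive every match; the file list is read from stdin.
backup_log4j_jars() {    # $1 = directory to search, $2 = archive path
    list_log4j_jars "$1" | tar -czpf "$2" --null -T -
}

# Step 3: delete the matches, but only when the archive already lists
# as many entries as there are matching jars on disk.
remove_log4j_jars() {    # $1 = directory to search, $2 = archive path
    want=$(count_log4j_jars "$1")
    have=$(tar -tzf "$2" | wc -l | tr -d ' ')
    [ "$want" -eq "$have" ] || {
        echo "backup incomplete: $have of $want files archived" >&2
        return 1
    }
    list_log4j_jars "$1" | xargs -0 rm -f --
}

# Usage on the APPM, as root (paths taken from the steps above):
#   backup_log4j_jars / /home/appm/tmp/Backup_log4j/backup.tar.gz
#   remove_log4j_jars / /home/appm/tmp/Backup_log4j/backup.tar.gz
#   count_log4j_jars /        # should report 0
```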

  

 

 

The current affected product is ORISS.

Download the jdk1.8.tar (157.73 MB) and appm_oriss_patch_20211216.zip (44.66 MB) from our support portal.

1. Back up /home/oriss/webroot/oriss/ROOT
* cp -rf ROOT 20211216_ORG_ROOT
2. Delete directory /home/oriss/webroot/oriss/ROOT/WEB-INF/lib
3. Delete /home/oriss/webroot/oriss/ROOT/WEB-INF/classes/log4j.xml
4. cd /home/oriss
unzip /tmp/appm_oriss_patch_20211216.zip
tar xvf /tmp/jdk1.8.tar
vi .profile => change old jdk path to new jdk1.8 path
5. source .profile
6. Restart Apache Tomcat.

  

 

 

Please contact your reseller or log a support ticket with SecureKi to request the patch.

We are proactively testing the Log4j patch and remediating the vulnerability.

We will keep your team updated once we get feedback from R&D on the step-by-step guide for patching the Log4j software library.

We appreciate your understanding and assistance in helping us to help you minimize the impact of this Log4j CVE on your company and your customers.

  

 

Sincerely,
 The SecureKi Team

 

 
