• Contact
  • Career
  • Insights
Menu
  • Contact
  • Career
  • Insights
  • EN
  • DE
  • Collaboration
    • Agile Project Management
    • Document Management
    • Intranet Portals
    • Knowledge Management
    • Team Communication
  • Search
    • Cognitive Search
    • Contract and Legal Search​
    • E-Commerce​
    • E-Discovery and GDPR Search
    • Enterprise Search​
    • Expert and People Search
    • Location Search​
    • Merger and Acquisition Search
    • Payment Reconciliation​
    • Site Search
    • Warranty Search
  • Cloud
    • Chat Bots
    • Cloud Collaboration Architectures
    • Cloud-Native Applications
    • Data Analytics​
    • Hybrid Infrastructures​
    • Lift & Shift
    • Machine Learning​
  • Services
  • Products
    • Enterprise Search Connectors
    • Search & Retrieval Interface
    • Custom Security Manager
    • Search Center for Microsoft Search
  • About
    • Career (in German)
    • Our Customers
    • Partners & Technologies
    • Insights
    • Webinars
    • Contact
Menu
  • Collaboration
    • Agile Project Management
    • Document Management
    • Intranet Portals
    • Knowledge Management
    • Team Communication
  • Search
    • Cognitive Search
    • Contract and Legal Search​
    • E-Commerce​
    • E-Discovery and GDPR Search
    • Enterprise Search​
    • Expert and People Search
    • Location Search​
    • Merger and Acquisition Search
    • Payment Reconciliation​
    • Site Search
    • Warranty Search
  • Cloud
    • Chat Bots
    • Cloud Collaboration Architectures
    • Cloud-Native Applications
    • Data Analytics​
    • Hybrid Infrastructures​
    • Lift & Shift
    • Machine Learning​
  • Services
  • Products
    • Enterprise Search Connectors
    • Search & Retrieval Interface
    • Custom Security Manager
    • Search Center for Microsoft Search
  • About
    • Career (in German)
    • Our Customers
    • Partners & Technologies
    • Insights
    • Webinars
    • Contact
  • Collaboration
    • Agile Project Management
    • Document Management
    • Intranet Portals
    • Knowledge Management
    • Team Communication
  • Search
    • Cognitive Search
    • Contract and Legal Search​
    • E-Commerce​
    • E-Discovery and GDPR Search
    • Enterprise Search​
    • Expert and People Search
    • Location Search​
    • Merger and Acquisition Search
    • Payment Reconciliation​
    • Site Search
    • Warranty Search
  • Cloud
    • Chat Bots
    • Cloud Collaboration Architectures
    • Cloud-Native Applications
    • Data Analytics​
    • Hybrid Infrastructures​
    • Lift & Shift
    • Machine Learning​
  • Services
  • Products
    • Enterprise Search Connectors
    • Search & Retrieval Interface
    • Custom Security Manager
    • Search Center for Microsoft Search
  • About
    • Career (in German)
    • Our Customers
    • Partners & Technologies
    • Insights
    • Webinars
    • Contact
Menu
  • Collaboration
    • Agile Project Management
    • Document Management
    • Intranet Portals
    • Knowledge Management
    • Team Communication
  • Search
    • Cognitive Search
    • Contract and Legal Search​
    • E-Commerce​
    • E-Discovery and GDPR Search
    • Enterprise Search​
    • Expert and People Search
    • Location Search​
    • Merger and Acquisition Search
    • Payment Reconciliation​
    • Site Search
    • Warranty Search
  • Cloud
    • Chat Bots
    • Cloud Collaboration Architectures
    • Cloud-Native Applications
    • Data Analytics​
    • Hybrid Infrastructures​
    • Lift & Shift
    • Machine Learning​
  • Services
  • Products
    • Enterprise Search Connectors
    • Search & Retrieval Interface
    • Custom Security Manager
    • Search Center for Microsoft Search
  • About
    • Career (in German)
    • Our Customers
    • Partners & Technologies
    • Insights
    • Webinars
    • Contact
  • Contact
  • Career
  • Insights
  • Contact
  • Career
  • Insights
  • EN
  • DE
News

Raytion’s Response to Log4Shell (CVE-2021-44228)

Raytion Enterprise Search Connectors are not affected by CVE-2021-44228 since they do not use log4j2

December 15, 2021
•
5 min read
Raytion
|
Raytion Insights
|
Raytion’s Response to Log4Shell (CVE-2021-44228)
log4shell-title
© Raytion GmbH

Raytion Enterprise Search Connectors

Raytion Enterprise Search Connectors are not affected by CVE-2021-44228 since they do not use log4j2

All Raytion Enterprise Search Connectors use log4j1 version which is not vulnerable to CVE-2021-44228. We have done additional analysis and a similar vulnerability can only be exploited if all of the following non-default configurations are in place:

  • The JMS Appender is configured in the application’s Log4j configuration
  • The javax.jms API is included in the application’s CLASSPATH
  • The JMS Appender has been configured with a JNDI lookup to a third party. Note: this can only be done by a trusted user modifying the application’s configuration, or by trusted code setting a property at runtime

There do exist a few CVEs for log4j which all are not affecting our Raytion Enterprise Search Connectors:

  • CVE-2019-17571 does not affect Raytion Enterprise Search Connectors since a specific, non-default, specific configuration is required.
  • CVE-2020-9488 does not affect Raytion Enterprise Search Connectors since a specific, non-default, specific configuration is required.

It may be worthwhile checking if the connector configuration has been adapted by you.

Please note: Raytion does not deliver any Raytion Enterprise Search Connector product with those non-default settings.

 

Raytion Search & Retrieval Interface (SRI)

Raytion SRI version 6.7+ and 7.x is affected by CVE-2021-44228SRI as an affected version of log4j2 is used.

Quick fix:

Linux and Windows command line:

Set -Dlog4j2.formatMsgNoLookups=true as JVM_PARAMS in ext/setenv.(sh|bat)

Windows Service:

Add -Dlog4j2.formatMsgNoLookups=true as procrun parameters

Resolution:

  • Upgrade to log4j 2.17 manually:
    • Place log4j-1.2-api, log4j-api, log4j-core,log4j-slf4j-impl and log4j-jul JARs of version 2.17 in ext/lib.
    • Stop SRI
    • Remove the old and affected log4j-1.2-api, log4j-api, log4j-core,log4j-slf4j-impl and log4j-jul JARs from folder app/WEB-INF/lib
    • Start SRI
  • Future SRI releases will include log4j 2.17 at minimum.

The following additional CVE within log4j2 does not affect Raytion SRI:

CVE-2021-45046: Thread Context Map not used by SRI; pattern not used and not exploitable. Other Context Lookups not part of default SRI log patterns.

 

Raytion Search Experience Manager (SXM)

Please refer to “Raytion Search & Retrieval Interface”.

 

Raytion Custom Security Manager (CSM)

Raytion CSM version 7.x is not vulnerable to CVE-2021-44228 since the affected log4j2 library is not part of this product.

Raytion CSM prior to version 7.x is also not vulnerable to CVE-2021-44228 as these versions use log4j version 1. We have done additional analysis and a similar vulnerability can only be exploited if all of the following non-default configurations are in place:

  • The JMS Appender is configured in the application’s Log4j configuration
  • The javax.jms API is included in the application’s CLASSPATH
  • The JMS Appender has been configured with a JNDI lookup to a third party. Note: this can only be done by a trusted user modifying the application’s configuration, or by trusted code setting a property at runtime

There do exist a few CVEs for log4j which all are not affecting our Raytion CSM

  • CVE-2019-17571 does not affect Raytion Enterprise Search Connectors since a specific, non-default, specific configuration is required.
  • CVE-2020-9488 does not affect Raytion Enterprise Search Connectors since a specific, non-default, specific configuration is required.

It may be worthwhile checking if the connector configuration has been adapted by you.

Raytion does not deliver any Raytion CSM product with those non-default settings.

 

Guidance for Preventing, Detecting, and Hunting for CVE-2021-44228 Log4j 2 exploitation

The following references may be of further help for you and your IT teams making sure you are protected from attacks against VE-2021-44228.

  • Microsoft: https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
  • Google: https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability
  • AWS: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

 

Update 2021-12-14, 9pm CET via announce@apache.org:  log4j2.16.0 fixes another, moderate CVE present in previous versions. Refer to https://logging.apache.org/log4j/2.x/security.html

Share this article

Find us on social media

Twitter

Xing

LinkedIn

Other Insights

News
Event

Rays at the B2Run Event

On May 23rd, Raytion participated in another B2Run event, which is a running challenge for Düsseldorf companies. The B2Run is a company run concept to promote team building and social networking.

May 25, 2023
•
3 min read
News
Event

12th Raytion University Day at the Hyatt Regency Hotel

On 3rd May we had our semiannual University Day at Raytion. As part of our company culture, we took a day off at the Hyatt Regency Hotel to listen to talks and discuss our strategy, how we support our customers and where we add value.

May 9, 2023
•
4 min read
Blog Post

Enterprise Search with Apache Solr – A Beginner’s Guide

Apache Solr is a broadly used open-source search engine, which is a solid and great foundation for enterprise search and search-based applications. It is the technical backend of many commercial software packages and similar to Elasticsearch, it offers a great flexibility in configuring ranking and scoring models, linguistics as well as query and content processing. Due to this flexibility, it is also often used as a search engine for enterprise search. In this guide, we will briefly give an overview on how to get started with setting up Solr, integrating content sources and displaying results.

April 28, 2023
•
5 min read
show all

Are you interested in Raytion's offers?

Please reach out to us

Services

We support the implementation of modern collaboration, search and cloud solutions. We provide and ensured the delivery of cutting-edge solutions to our customers and take care of the necessary strategic alignment. We offer broad consulting and integration services.
learn more

Products

At Raytion we unlock the potential of enterprise search by offering a wide range of in-house developed products and software components. They complement product offers of commercially available enterprise search engines and increase their value.
learn more

About Raytion

Founded in 2001, Raytion is an internationally operating IT-business consultancy that implements state-of-the-art information management, collaboration, search and cloud solutions.
learn more

Interested in a consultation?

Get in touch

Imprint

|

Privacy Policy

Products

Product Support Portal

Enterprise Search Connectors

Search & Retrieval Interface

Custom Security Manager

Search Center for Microsoft Search

Solutions

Collaboration

Search

Cloud

About

Customers

Career

Partners & Technologies

Insights

Webinars

Contact

© Copyright 2001 - 2023 Raytion GmbH, Düsseldorf

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using in our privacy policy.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!