Raytion’s Response to Log4Shell (CVE-2021-44228)

News

Raytion’s Response to Log4Shell (CVE-2021-44228)

Raytion Enterprise Search Connectors are not affected by CVE-2021-44228 since they do not use log4j2

December 15, 2021
5 min read
Raytion
|
Raytion Insights
|
Raytion’s Response to Log4Shell (CVE-2021-44228)
log4shell-title
© Raytion GmbH

Raytion Enterprise Search Connectors

Raytion Enterprise Search Connectors are not affected by CVE-2021-44228 since they do not use log4j2

All Raytion Enterprise Search Connectors use log4j1 version which is not vulnerable to CVE-2021-44228. We have done additional analysis and a similar vulnerability can only be exploited if all of the following non-default configurations are in place:

  • The JMS Appender is configured in the application’s Log4j configuration
  • The javax.jms API is included in the application’s CLASSPATH
  • The JMS Appender has been configured with a JNDI lookup to a third party. Note: this can only be done by a trusted user modifying the application’s configuration, or by trusted code setting a property at runtime

There do exist a few CVEs for log4j which all are not affecting our Raytion Enterprise Search Connectors:

  • CVE-2019-17571 does not affect Raytion Enterprise Search Connectors since a specific, non-default, specific configuration is required.
  • CVE-2020-9488 does not affect Raytion Enterprise Search Connectors since a specific, non-default, specific configuration is required.

It may be worthwhile checking if the connector configuration has been adapted by you.

Please note: Raytion does not deliver any Raytion Enterprise Search Connector product with those non-default settings.

 

Raytion Search & Retrieval Interface (SRI)

Raytion SRI version 6.7+ and 7.x is affected by CVE-2021-44228SRI as an affected version of log4j2 is used.

Quick fix:

Linux and Windows command line:

Set -Dlog4j2.formatMsgNoLookups=true as JVM_PARAMS in ext/setenv.(sh|bat)

Windows Service:

Add -Dlog4j2.formatMsgNoLookups=true as procrun parameters

Resolution:

  • Upgrade to log4j 2.17 manually:
    • Place log4j-1.2-api, log4j-api, log4j-core,log4j-slf4j-impl and log4j-jul JARs of version 2.17 in ext/lib.
    • Stop SRI
    • Remove the old and affected log4j-1.2-api, log4j-api, log4j-core,log4j-slf4j-impl and log4j-jul JARs from folder app/WEB-INF/lib
    • Start SRI
  • Future SRI releases will include log4j 2.17 at minimum.

The following additional CVE within log4j2 does not affect Raytion SRI:

CVE-2021-45046: Thread Context Map not used by SRI; pattern not used and not exploitable. Other Context Lookups not part of default SRI log patterns.

 

Raytion Search Experience Manager (SXM)

Please refer to “Raytion Search & Retrieval Interface”.

 

Raytion Custom Security Manager (CSM)

Raytion CSM version 7.x is not vulnerable to CVE-2021-44228 since the affected log4j2 library is not part of this product.

Raytion CSM prior to version 7.x is also not vulnerable to CVE-2021-44228 as these versions use log4j version 1. We have done additional analysis and a similar vulnerability can only be exploited if all of the following non-default configurations are in place:

  • The JMS Appender is configured in the application’s Log4j configuration
  • The javax.jms API is included in the application’s CLASSPATH
  • The JMS Appender has been configured with a JNDI lookup to a third party. Note: this can only be done by a trusted user modifying the application’s configuration, or by trusted code setting a property at runtime

There do exist a few CVEs for log4j which all are not affecting our Raytion CSM

  • CVE-2019-17571 does not affect Raytion Enterprise Search Connectors since a specific, non-default, specific configuration is required.
  • CVE-2020-9488 does not affect Raytion Enterprise Search Connectors since a specific, non-default, specific configuration is required.

It may be worthwhile checking if the connector configuration has been adapted by you.

Raytion does not deliver any Raytion CSM product with those non-default settings.

 

Guidance for Preventing, Detecting, and Hunting for CVE-2021-44228 Log4j 2 exploitation

The following references may be of further help for you and your IT teams making sure you are protected from attacks against VE-2021-44228.

 

Update 2021-12-14, 9pm CET via announce@apache.org:  log4j2.16.0 fixes another, moderate CVE present in previous versions. Refer to https://logging.apache.org/log4j/2.x/security.html

Share this article

Find us on social media

Twitter

Xing

LinkedIn

Find us on social media

Twitter

Xing

LinkedIn

Other Insights

Webinar

Google Cloud Search

Google Workspace is Google's digital workplace and social collaboration platform. With Google Cloud Search it has a strong built-in search engine, which indexes all relevant Google Workspace documents and even offers indexing of third-party sources.

August 8, 2022
Blog Post

Enterprise Search with Raytion Search & Retrieval Interface

This blog article will draw closer what enterprise search is and how the Raytion Search & Retrieval Interface comes into play. Since information is stored differently, the interface shows a good approach to streamline information access.

August 1, 2022
6 min read
show all

Are you interested in Raytion's offers?

Please reach out to us

Services

We support the implementation of modern collaboration, search and cloud solutions. We provide and ensured the delivery of cutting-edge solutions to our customers and take care of the necessary strategic alignment. We offer broad consulting and integration services.
learn more

Products

At Raytion we unlock the potential of enterprise search by offering a wide range of in-house developed products and software components. They complement product offers of commercially available enterprise search engines and increase their value.
learn more

About Raytion

Founded in 2001, Raytion is an internationally operating IT-business consultancy that implements state-of-the-art information management, collaboration, search and cloud solutions.
learn more