Raytion’s Response to Log4Shell (CVE-2021-44228)
Raytion Enterprise Search Connectors are not affected by CVE-2021-44228 since they do not use log4j2
December 15, 2021
All Raytion Enterprise Search Connectors use log4j version 1, which is not vulnerable to CVE-2021-44228. We have done additional analysis: a similar vulnerability can only be exploited if all of the following non-default configurations are in place:
A few CVEs exist for log4j, none of which affect our Raytion Enterprise Search Connectors:
It may be worthwhile to check whether you have adapted the connector configuration.
Please note: Raytion does not deliver any Raytion Enterprise Search Connector product with those non-default settings.
Quick fix:
Linux and Windows command line:
Set -Dlog4j2.formatMsgNoLookups=true as JVM_PARAMS in ext/setenv.(sh|bat)
Windows Service:
Add -Dlog4j2.formatMsgNoLookups=true as procrun parameters
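To verify the quick fix on Linux, the following added example (not Raytion's own tooling) checks whether a setenv.sh actually carries the flag on an active JVM_PARAMS line. It assumes JVM_PARAMS is set through ordinary shell assignments and judges by the last occurrence of the flag; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a setenv.sh for the log4j2 message-lookup mitigation.
# Assumption: JVM_PARAMS is set on ordinary shell assignment lines; the
# layout of a real ext/setenv.sh may differ.

FLAG_RE='-Dlog4j2\.formatMsgNoLookups=[A-Za-z]+'

# Prints one of: mitigated, disabled, missing, unreadable.
# Returns 0 only when the last active occurrence of the flag is =true.
check_setenv() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # Commented-out lines do not count: keep active JVM_PARAMS assignments only.
    active=$(grep -E '^[[:space:]]*(export[[:space:]]+)?JVM_PARAMS=' "$file" || true)
    # Assumption: if the flag appears more than once, the last one decides.
    last=$(printf '%s\n' "$active" | grep -oE -e "$FLAG_RE" \
        | tail -n 1 | sed 's/.*=//' | tr 'A-Z' 'a-z')
    case "$last" in
        true) echo "mitigated"; return 0 ;;
        "")   echo "missing";   return 1 ;;
        *)    echo "disabled";  return 1 ;;
    esac
}

# Constructed sample files (not real Raytion configuration).
write_samples() {
    dir=$1
    printf '%s\n' 'JVM_PARAMS="-Xmx2g -Dlog4j2.formatMsgNoLookups=true"' \
        > "$dir/ok.sh"
    printf '%s\n' '# JVM_PARAMS="-Dlog4j2.formatMsgNoLookups=true"' \
        'JVM_PARAMS="-Xmx2g"' > "$dir/commented.sh"
    printf '%s\n' 'JVM_PARAMS="-Dlog4j2.formatMsgNoLookups=true"' \
        'JVM_PARAMS="$JVM_PARAMS -Dlog4j2.formatMsgNoLookups=false"' \
        > "$dir/overridden.sh"
}

# Stand-alone run over the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
for name in ok commented overridden; do
    printf '%s: %s\n' "$name" "$(check_setenv "$tmp/$name.sh")"
done
rm -rf "$tmp"
```

Against a real installation, call check_setenv with the path to ext/setenv.sh and act on any result other than "mitigated".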
Resolution:
The following additional CVE within log4j2 does not affect Raytion SRI:
CVE-2021-45046: Thread Context Map not used by SRI; pattern not used and not exploitable. Other Context Lookups not part of default SRI log patterns.
Please refer to “Raytion Search & Retrieval Interface”.
Raytion CSM prior to version 7.x is also not vulnerable to CVE-2021-44228 as these versions use log4j version 1. We have done additional analysis and a similar vulnerability can only be exploited if all of the following non-default configurations are in place:
A few CVEs exist for log4j, none of which affect our Raytion CSM:
It may be worthwhile to check whether you have adapted the connector configuration.
Raytion does not deliver any Raytion CSM product with those non-default settings.
The following references may help you and your IT teams make sure you are protected from attacks exploiting CVE-2021-44228.
Update 2021-12-14, 9pm CET via announce@apache.org: log4j 2.16.0 fixes another, moderate CVE present in previous versions. Refer to https://logging.apache.org/log4j/2.x/security.html