Some AD products are affected by the Apache log4j2 vulnerability (CVE-2021-44228) (workaround included)

After confirmation with the R&D team, some AD products are affected by the Apache log4j2 vulnerability (CVE-2021-44228). The workarounds provided are as follows:

EventLog Analyzer
We have replaced %m with %m{nolookups} in the log4j2.properties of ES.
1. Download the log4j2.properties file from the below link.
2. Put the file in the following folders:
<Installation dir>/Eventlog Analyzer/ES/config
<Installation dir>/../elasticsearch/ES/config
3. Open an admin cmd, navigate to each of the following locations, and run the stopES.bat file there:
<Installation dir>/Eventlog Analyzer/ES/bin
<Installation dir>/../elasticsearch/ES/bin
Note: A product restart is not needed. ES will reconnect by itself after some time.

Log360:
We have replaced %m with %m{nolookups} in the log4j2.properties of ES.
1. Download the log4j2.properties file from the below link.
2. Put the file in the following folder:
<Installation dir>/../elasticsearch/ES/config
3. Open an admin cmd, navigate to the following location, and run the stopES.bat file there:
<Installation dir>/../elasticsearch/ES/bin
Note: A product restart is not needed. ES will reconnect by itself after some time.

*********************************************************************************

ADAudit Plus:
1. Stop the ADAudit Plus service and wait till the service stops
2. Navigate to <product_installation_dir>\conf
3. Edit wrapper.conf present in the current folder with Wordpad or Notepad++ (Not Notepad)
4. Add the below entry under "Java Additional Parameters" (search for the string "wrapper.java.additional")
      wrapper.java.additional.25=-Dlog4j2.formatMsgNoLookups=true
      [Note: If you already have a line with 25, then insert this entry as 26]
5. Now again navigate to <product_installation_dir>\apps\dataengine-xnode\conf
6. Again edit wrapper.conf present in the current folder with Wordpad or Notepad++ (Not Notepad)
7. Search for the string "wrapper.java.additional" and add the below sequence as the last entry
      wrapper.java.additional.20=-Dlog4j2.formatMsgNoLookups=true
      [Note: If you already have a line with 20, then insert this entry as 21]
8. Start the service.

*********************************************************************************

ADManager Plus
1. Stop ADManager Plus
2. Navigate to <Installation folder>\ADManager Plus\ES\config
3. Take a backup of jvm.options
4. Edit jvm.options, add the following line, and save the file
      -Dlog4j2.formatMsgNoLookups=true
5. Start ADManager Plus

*********************************************************************************

DataSecurity Plus
1. Stop the DataSecurity Plus service and wait till the service stops
2. Navigate to <product_installation_dir>\conf
3. Edit wrapper.conf present in the current folder with Wordpad or Notepad++ (Not Notepad)
4. Add the below entry under "Java Additional Parameters" (search for the string "wrapper.java.additional")
      wrapper.java.additional.25=-Dlog4j2.formatMsgNoLookups=true
      [Note: If you already have a line with 25, then insert this entry as 26]
5. Now again navigate to <product_installation_dir>\apps\dataengine-xnode\conf
6. Again edit wrapper.conf present in the current folder with Wordpad or Notepad++ (Not Notepad)
7. Search for the string "wrapper.java.additional" and add the below sequence as the last entry
      wrapper.java.additional.20=-Dlog4j2.formatMsgNoLookups=true
      [Note: If you already have a line with 20, then insert this entry as 21]
8. Start the service.
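
The wrapper.conf edit in the ADAudit Plus and DataSecurity Plus steps can be scripted so the index rule ("if 25 is taken, use 26") is applied consistently on every host. The following Python sketch is an added example, not vendor code: the function names, the .bak backup suffix, the UTF-8 encoding and the sample excerpt are assumptions. Run it with the service stopped, as in the steps above.

```python
import re
import shutil
from pathlib import Path

FLAG = "-Dlog4j2.formatMsgNoLookups=true"
# Matches active entries only; commented-out lines ("#wrapper...") do not match.
ENTRY = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*?)\s*$")

# Constructed excerpt for illustration, not copied from a real product file.
SAMPLE = """\
# Java Additional Parameters
wrapper.java.additional.23=-Xms128m
#wrapper.java.additional.30=-Ddebug=true
wrapper.java.additional.24=-Dfile.encoding=UTF-8
wrapper.java.additional.25=-Djava.awt.headless=true
wrapper.java.maxmemory=1024
"""

def add_nolookups(conf_text):
    """Return (new_text, index) where index is the entry number carrying FLAG."""
    lines = conf_text.splitlines()
    last_pos, max_idx = None, 0
    for pos, line in enumerate(lines):
        m = ENTRY.match(line)
        if not m:
            continue
        idx, value = int(m.group(1)), m.group(2)
        if value == FLAG:
            return conf_text, idx          # already mitigated: change nothing
        last_pos, max_idx = pos, max(max_idx, idx)
    if last_pos is None:
        raise ValueError("no wrapper.java.additional entries found")
    # Use the next free index and place the line right after the last entry.
    lines.insert(last_pos + 1, f"wrapper.java.additional.{max_idx + 1}={FLAG}")
    return "\n".join(lines) + "\n", max_idx + 1

def patch_file(path):
    """Patch one wrapper.conf in place, keeping a .bak copy; returns the index."""
    text = Path(path).read_text(encoding="utf-8")   # encoding is an assumption
    new_text, idx = add_nolookups(text)
    if new_text != text:
        shutil.copy2(path, str(path) + ".bak")
        Path(path).write_text(new_text, encoding="utf-8")
    return idx

if __name__ == "__main__":
    print(add_nolookups(SAMPLE)[0])
```

Running it a second time on the same file is a no-op, which makes it usable as a verification check after the manual edit.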


Other: ADSelfService Plus and AD360 are not affected.

