ADMP - Latest Log4j vulnerabilities (CVE-2021-44228 & CVE-2021-45046) workaround

In ADManager Plus, the affected log4j version is used in a bundled dependency. Please find below the precautionary measures against the latest log4j vulnerabilities (CVE-2021-44228 & CVE-2021-45046). There is no conclusive evidence of the exploit in ADManager Plus yet. We strongly recommend that all our customers follow the steps given below as a precautionary measure.

ADManager Plus: precautionary steps to take against this vulnerability

(NOTE: If you do not have the ES folder inside the ADManager Plus installation folder, then your ADManager Plus instance is not vulnerable, and the steps below need not be followed.)

1. Stop ADManager Plus

2. Delete the following files after taking a backup

   a. From the ADManager Plus\ES\lib folder
      i. log4j-1.2-api-2.11.1.jar
      ii. log4j-api-2.11.1.jar
      iii. log4j-core-2.11.1.jar

   b. From ADManager Plus\ES\plugins\search-guard-6
      i. log4j-slf4j-impl-2.11.1.jar

3. Download the zip and extract the following files (Zip File Link: https://downloads.zohocorp.com/ADManager_Plus/xJLJRv0OQDiTZwA/log4j-2.16.0.zip )

   a. Place the following extracted files in ADManager Plus\ES\lib
      i. log4j-1.2-api-2.16.0.jar
      ii. log4j-api-2.16.0.jar
      iii. log4j-core-2.16.0.jar

   b. Place the following extracted files in ADManager Plus\ES\plugins\search-guard-6
      i. log4j-slf4j-impl-2.16.0.jar

4. Start ADManager Plus
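
To confirm the end state of steps 2 and 3 (ideally before the restart in step 4), the following PowerShell check can be run on the server. It is an added example, not ManageEngine code; the function name `Test-AdmpLog4jJars` is hypothetical and the installation folder is a parameter you supply.

```powershell
# Added example (not vendor code): checks the jar layout left by steps 2 and 3.
function Test-AdmpLog4jJars {
    param(
        # Assumption: the caller passes the ADManager Plus installation folder.
        [Parameter(Mandatory = $true)][string]$InstallDir
    )

    $esDir = Join-Path $InstallDir 'ES'
    if (-not (Test-Path -LiteralPath $esDir -PathType Container)) {
        # Per the note on this page: no ES folder means the steps are not needed.
        Write-Host "No ES folder under '$InstallDir': steps not required."
        return $true
    }

    # Folder (relative to ES) -> jar names expected after step 3.
    $expected = @{
        'lib'                    = @('log4j-1.2-api-2.16.0.jar',
                                     'log4j-api-2.16.0.jar',
                                     'log4j-core-2.16.0.jar')
        'plugins\search-guard-6' = @('log4j-slf4j-impl-2.16.0.jar')
    }

    $ok = $true
    foreach ($rel in $expected.Keys) {
        $dir = Join-Path $esDir $rel
        $present = @(Get-ChildItem -LiteralPath $dir -Filter 'log4j-*.jar' -File `
                         -ErrorAction SilentlyContinue |
                     Select-Object -ExpandProperty Name)

        # Every 2.16.0 jar from step 3 must be in place.
        foreach ($jar in $expected[$rel]) {
            if ($present -notcontains $jar) {
                Write-Warning "Missing in ${rel}: $jar"
                $ok = $false
            }
        }
        # Any other log4j-*.jar here (a 2.11.1 file, or a backup copy kept in
        # the same folder) means the deletion in step 2 is incomplete.
        foreach ($jar in $present) {
            if ($expected[$rel] -notcontains $jar) {
                Write-Warning "Unexpected in ${rel}: $jar"
                $ok = $false
            }
        }
    }
    return $ok
}

# Constructed sample call; replace the path with your own installation folder.
# Test-AdmpLog4jJars -InstallDir 'D:\ManageEngine\ADManager Plus'
```

The function returns `$true` when only the four 2.16.0 jars are present in the two folders (or when there is no ES folder), and `$false` with a warning per file otherwise.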