Issue
- Elasticsearch utilized by the ESET Secure Authentication (ESA) reporting engine is partially affected by the CVE-2021-44228 vulnerability found in the log4j2 library
Details
"Supported versions of Elasticsearch (6.8.9+, 7.8+) used with recent versions of the JDK (JDK9+) are not susceptible to either remote code execution or information leakage. This is due to Elasticsearch’s usage of the Java Security Manager. Most other versions (5.6.11+, 6.4.0+ and 7.0.0+) can be protected via a simple JVM property change."
Solution
To fix the issue automatically:
- Download ESA version 3.0.40 or later.
- Double-click the downloaded .EXE file.
- Follow the on-screen instructions to complete the upgrade.
To fix the issue manually, in your Elasticsearch instance, proceed with one of the options below:
- Set the JVM property -Dlog4j2.formatMsgNoLookups=true, or
- Remove the JndiLookup.class as instructed here.
See a sample adjustment in Figure 1-1 below.
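To confirm that one of the two manual options above is actually in place, the following check can be run against the Elasticsearch instance. It is an added example, not part of ESET's article or tooling; the config and lib directory arguments, the log4j-core-*.jar file name pattern, and the sample tree built in demo() are assumptions and constructed data.

```python
import re, tempfile, zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# jvm.options lines may carry a Java-version prefix such as "8:" or "8-:".
NO_LOOKUPS = re.compile(r"^(?:\d+(?:-\d*)?:)?-Dlog4j2\.formatMsgNoLookups=true$")

def property_set(config_dir: Path) -> bool:
    """True if an uncommented jvm.options line sets the property."""
    files = [config_dir / "jvm.options", *sorted(config_dir.glob("jvm.options.d/*.options"))]
    for f in files:
        if f.is_file():
            for line in f.read_text(encoding="utf-8", errors="replace").splitlines():
                if NO_LOOKUPS.match(line.strip()):
                    return True
    return False

def scan_jars(lib_dir: Path) -> tuple[int, list[str]]:
    """Return (jars scanned, log4j-core jars that still hold JndiLookup.class)."""
    jars = sorted(lib_dir.rglob("log4j-core-*.jar"))
    hits = []
    for jar in jars:
        with zipfile.ZipFile(jar) as zf:
            if JNDI_CLASS in zf.namelist():
                hits.append(jar.name)
    return len(jars), hits

def check(config_dir: Path, lib_dir: Path) -> dict:
    scanned, hits = scan_jars(lib_dir)
    prop = property_set(config_dir)
    # No jar found means the wrong directory was scanned, not a clean result.
    return {"property_set": prop, "jars_scanned": scanned, "jars_with_jndi": hits,
            "mitigated": prop or (scanned > 0 and not hits)}

def demo() -> tuple[dict, dict]:
    """Constructed sample tree: one unpatched jar, then the property added."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg, lib = Path(tmp, "config"), Path(tmp, "lib")
        cfg.mkdir(); lib.mkdir()
        (cfg / "jvm.options").write_text("-Xms1g\n# -Dlog4j2.formatMsgNoLookups=true\n")
        with zipfile.ZipFile(lib / "log4j-core-0.0.0.jar", "w") as zf:
            zf.writestr(JNDI_CLASS, b"constructed placeholder, not a real class")
        before = check(cfg, lib)
        with open(cfg / "jvm.options", "a") as fh:
            fh.write("-Dlog4j2.formatMsgNoLookups=true\n")
        return before, check(cfg, lib)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real host, call check() with the instance's own config and lib directories; the result reflects the files on disk, so the Elasticsearch service still has to be restarted for either change to take effect.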