[KB8190] Vulnerability log4j2 in the Reporting Engine (Elasticsearch) of ESET Secure Authentication




Elastic announced:

"Supported versions of Elasticsearch (6.8.9+, 7.8+) used with recent versions of the JDK (JDK9+) are not susceptible to either remote code execution or information leakage. This is due to Elasticsearch’s usage of the Java Security Manager. Most other versions (5.6.11+, 6.4.0+ and 7.0.0+) can be protected via a simple JVM property change."


To fix the issue automatically:

  1. Download ESA version 3.0.40 or later.

  2. Double-click the downloaded .EXE file.

  3. Follow the on-screen instructions to complete the upgrade.

To fix the issue manually, in your Elasticsearch instance, proceed with one of the options below:

  • Set the JVM property -Dlog4j2.formatMsgNoLookups=true


See a sample adjustment in Figure 1-1 below. 

Figure 1-1
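
To confirm that the manual setting is actually present and active in the option files, the following PowerShell check can be used. It is an added example, not code from ESET or Elastic. It assumes the instance reads its JVM options from config\jvm.options and config\jvm.options.d\*.options; the function name, the result labels and the $EsConfigDir path are placeholders chosen for this example.

```powershell
# Added example: audit Elasticsearch JVM option files for the Log4j lookup mitigation.
function Test-NoLookupsOption {
    param([string[]]$Lines)

    $state = 'Missing'
    foreach ($raw in $Lines) {
        $line = "$raw".Trim()
        # Blank lines and comments are ignored; a commented-out flag has no effect.
        if ($line -eq '' -or $line.StartsWith('#')) { continue }
        # jvm.options accepts a Java-version prefix such as "8:", "9-:" or "8-13:".
        $scoped = $line -match '^\d+(-\d*)?:'
        $opt = $line -replace '^\d+(-\d*)?:', ''
        # Case-sensitive match: Java system property names are case-sensitive.
        if ($opt -cmatch '^-Dlog4j2\.formatMsgNoLookups=(.*)$') {
            # A later occurrence overrides an earlier one.
            if ($Matches[1].Trim() -cne 'true') { $state = 'WrongValue' }
            elseif ($scoped)                    { $state = 'VersionScoped' }
            else                                { $state = 'Enabled' }
        }
    }
    return $state
}

# Constructed sample standing in for a jvm.options file (not taken from ESA).
$sample = @(
    '-Xms1g',
    '',
    '# -Dlog4j2.formatMsgNoLookups=true',
    '-Dlog4j2.formatMsgNoLookups=true'
)
"Sample: $(Test-NoLookupsOption -Lines $sample)"

# Real use: jvm.options first, then jvm.options.d overrides in name order.
$EsConfigDir = 'C:\path\to\elasticsearch\config'   # placeholder, adjust to your instance
if (Test-Path $EsConfigDir) {
    $files = @(Get-Item (Join-Path $EsConfigDir 'jvm.options') -ErrorAction SilentlyContinue) +
             @(Get-ChildItem (Join-Path $EsConfigDir 'jvm.options.d') -Filter '*.options' -ErrorAction SilentlyContinue)
    $lines = $files | ForEach-Object { Get-Content $_.FullName }
    "Instance: $(Test-NoLookupsOption -Lines $lines)"
}
```

Any result other than Enabled means the property is absent, commented out, set to a value other than true, or limited to certain Java versions, and the file should be reviewed.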