[KB8190] Vulnerability log4j2 in the Reporting Engine (Elasticsearch) of ESET Secure Authentication

Alert: Use the latest ESET product versions. Find out if your ESET product is affected by End of Life (EoL)

Alert: Information regarding the Log4j 2 vulnerability

[KB8190] Vulnerability log4j2 in the Reporting Engine (Elasticsearch) of ESET Secure Authentication

Issue

Elasticsearch utilized by the ESET Secure Authentication (ESA) reporting engine is partially affected by the CVE-2021-44228 vulnerability found in the log4j2 library

Details

Click to expand

"Supported versions of Elasticsearch (6.8.9+, 7.8+) used with recent versions of the JDK (JDK9+) are not susceptible to either remote code execution or information leakage. This is due to Elasticsearch’s usage of the Java Security Manager. Most other versions (5.6.11+, 6.4.0+ and 7.0.0+) can be protected via a simple JVM property change."

Solution

To fix the issue automatically:

Download ESA version 3.0.40 or later.
Double-click the downloaded .EXE file.
Follow the on-screen instructions to complete the upgrade.

To fix the issue manually, in your Elasticsearch instance, proceed with one of the options below:

set the JVM property -Dlog4j2.formatMsgNoLookups=true
or

remove the JndiLookup.class as instructed here.

See a sample adjustment in Figure 1-1 below.

Last Updated: Dec 17, 2021