QUESTION:
What are the mitigation steps for the Log4J vulnerabilities in RadiantOne JMSHA servers?
ANSWER:
1) Stop the ICS and pcache connectors.
2) Stop the ICS agent and then the Glassfish App Server.
3) Stop jmsha (radiantone/jmsha/bin/stop_servers.sh) on all servers. Perform the below steps on all JMS servers.
4) On JMS server, To list all the log4j-core files, run the command below in Powershell. Check the path "C:\radiantone", edit if necessary. nothing else in the command needs to be changed.
for Linux:
$find . -name log4j*
(the above command is used for checking from the current folder and all the folders under it. If you want to check from a specific path or from the root folder use the below variations)
$find / -name log4j* -- to search from root path
$find $PATH -name log4j* -- to search from a specific path variable like $RLI_HOME, $RLI_JAVA_HOME
$find PATH -name log4j* -- mention valid path can be mentioned in the place of PATH
for Windows:
Get-ChildItem . -Filter 'log4j-core*' -Recurse | % { $_.FullName }
similar to Linux, variations of the command will work here as well
You will see the path of the log4j files if there are any.
5) Take the backup of all the files listed in the output before doing the next steps.
6) Go to the path of each file you see in the output in windows file explorer, locate the file log4j-core-*, verify the version of the file.
The version should be between 2.0 to 2.14.1.
7) replace the files from the above with file from %RLI_HOME%/lib//log4j-core-2.7.jar
8) Once the classfile is removed from all the log4j-core jar files, start jmsha ( radiantone/jmsha/bin/start_servers.sh)
9) Start ICS agent, this starts the required GlassFish app server.
10) Start the ICS and/or pcache connectors.
Mitigation steps for the Log4J vulnerabilities in RadiantOne JMSHA servers

Vamsi Pabbisetty
Comments
Please sign in to leave a comment.