-
Titre
Are currently supported versions of Foglight affected by the latest Apache log4j2 vulnerabilities CVE-2021-44228 & CVE-2021-45046 -
Description
Are currently supported versions of Foglight affected by the latest Apache log4j2 vulnerabilities CVE-2021-44228 & CVE-2021-45046 -
Cause
Apache log4j2 vulnerabilities:
-
Résolution
Quest R&D has reviewed Foglight and its components and determined that releases below 6.0.0 are not affected by these vulnerabilities.
The following components are not affected because these components use Log4J version 1.2.17 (please see Knowledgebase article 336091 for information on CVE -2021-4104)
- Foglight Management Server (all released version levels)
- Foglight Agent Manager (all released version levels)
- Foglight Evolve (all released version levels)
- Foglight for Virtualization, Enterprise Edition (FVE) (all versions)
- Foglight for Storage Management (FSM) (all versions)
- Foglight cartridges released below the 6.0.0 version
- Database cartridges MySQL, PostgreSQL, MongoDB, Cassandra. Redshift (all versions)
Affected Foglight 6.0.0 components are listed below. .
- Database cartridges: DB2, Oracle, Azure SQL, SQL Server, Sybase, MySQL PI
- Evolve cartridges: Active Directory (AD), Exchange, and Office365
Remove the previous workarounds
Earlier revisions of the Knowledgebase article included a workaround to add lines to the FMS file {FMS_DIR}\config\server.config. These were found to be ineffective.
Remove the following line from the Foglight Management Server (FMS):
server.vm.option.#= "-Dlog4j2.formatMsgNoLookups=true";
For Foglight Agent Manager the file is: {FGLAM_DIR}\state\default\config\baseline.jvmargs.config, remove the following line:
vmparameter.#= "-Dlog4j2.formatMsgNoLookups=true";
Status
The following cartridge versions using log4j 2.17.1 are available for download at the 6.0.1.10 release from Supportlink:
https://support.quest.com/foglight/6.0.0/download-new-releases- SQL Server
- Oracle
- DB2
- Azure SQL
- SAP ASE [Sybase]
- MySQL PI
- Active Directory
- Exchange
- Office365
The following installer with database cartridges using log4j 2.17.1 is available for download at the 6.0.1 release from Supportlink:
https://support.quest.com/foglight-for-databases/6.0.0/download-new-releases- Foglight for Databases installer
The following installer with virtualization cartridges using log4j 2.17.1 is available for download at the 6.0.1 release from Supportlink:
https://support.quest.com/foglight-evolve/6.0.0/download-new-releases- Foglight Evolve installer
Deleting orphaned and deprecated old release cartridge folders from the FglAMs
The user can delete any orphaned folders still present from older versions of the installed cartridges after the cartridge upgrade is complete (as per Defect FAM-1972 in the Foglight Agent Manager release notes). The FglAM may need to be stopped in order to delete the folders. These would be located in the agent libraries folder such as:
{fglam}\agents\DB_SQL_Server
{fglam}\agents\DB_DB2
{fglam}\agents\DB_Oracle
etc.
For SPIRepository agents
These agents have become redundant beginning with Foglight 6.0.0.10 database cartridges and higher. Refer to Knowledgebase article 337702.
Deleting deprecated cartridge folders from the FMS
Any folders corresponding cartridges can also be deleted from {Foglight}\tmp\cartridge.deploy. This area is used as a temporary space to unpack cartridges before the contents are written to {Foglight}\state\cartridge.exploded directory path.
For Foglight Management Server in Windows the fms service/process should be stop to allow to delete the files
Contact Support for assistance or clarification about any further questions regarding this Knowledgebase article
-
Identifiant du défaut
FOG-3019 -
Informations supplémentaires
Active Directory, Exchange, and Office365 cartridges are enabled by default in the Foglight Evolve application. DB2, Oracle, Azure SQL, and SQL Server cartridges are enabled by default in the Foglight for Databases application.
The HA deployment whitelist may be reset during this update, consult Knowledgebase article 315130 to add the SQL Server, Oracle, and SQL PI repository whitelist entries back into the FMS.