-
Title
Is NetVault affected by CVE-2021-44228? -
Description
Is NetVault affected by CVE-2021-44228? -
Cause
This article addresses the NetVault in regards to the Apache Log4j2 Zero-Day exploit identified under CVE-2021-44228.
For more details regarding the Apache Log4j2 vulnerability, refer to Fixed in Log4j 2.15.0 section of the Apache Log4j Security Vulnerabilities page.
-
Resolution
It has been confirmed that the Apache Log4j2 Zero-Day exploit identified by CVE-2021-44228 and CVE-2021-45046 only impacts NetVault versions: 12.x, 13.0, 13.0.1, 13.0.2, 13.0.3, when leveraging the optional Elastic Search functionality.
To obtain the Patch
Head over to our NetVault - Download Software page.
Please ensure you apply the version that corresponds to your system's architecture.
To apply the patch:
Customer who has installed and configured Catalog Search will have to do the following
- Disable Catalog Search Temporarily
- For Windows, stop 'NetVault Catalog Search' service as disabling is not stopping the service.
- Install NPK
- For Windows, start 'NetVault Catalog Search' service.
- Enable Catalog Search
Customer who plans to, but has not done so yet, install/configure Catalog Search will have to do the following:
- Open the Menu
- Select the "Catalog Search" option
- Click on the [ Install & Configure ] button located on the bottom right corner.
- Once completed, Disable Catalog Search Temporarily
- For Windows, stop 'NetVault Catalog Search' service as disabling is not stopping the service.
- Install NPK
- For Windows, start 'NetVault Catalog Search' service.
- Enable Catalog Search
- If you do not wish to have the catalog running, disable it.
To verify if the plugin has been installed:
- Open the Menu
- Click the "Manage Clients" option
- Select the NetVault Server
- Click on the [ Manage ] button
- Look within the right pane if the "Fix CVE-2021-44228" is present.