This article addresses the NetVault in regards to the Apache Log4j2 Zero-Day exploit identified under CVE-2021-44228.
For more details regarding the Apache Log4j2 vulnerability, refer to Fixed in Log4j 2.15.0 section of the Apache Log4j Security Vulnerabilities page.
It has been confirmed that the Apache Log4j2 Zero-Day exploit identified by CVE-2021-44228 and CVE-2021-45046 only impacts NetVault versions: 12.x, 13.0, 13.0.1, 13.0.2, 13.0.3, when leveraging the optional Elastic Search functionality.
To obtain the Patch
Head over to our NetVault - Download Software page.
Please ensure you apply the version that corresponds to your system's architecture.
To apply the patch:
Customer who has installed and configured Catalog Search will have to do the following
Customer who plans to, but has not done so yet, install/configure Catalog Search will have to do the following:
To verify if the plugin has been installed: