Qlik Community

Knowledge

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Announcements
QlikWorld 2022, LIVE in Denver CO., May 16-19, 2022. REGISTER NOW TO RECEIVE EARLY BIRD PRICING

CVE_2021_44228 - Handling the log4j lookups critical vulnerability for Qlik Enterprise Manager

cancel
Showing results for 
Search instead for 
Did you mean: 
Jamie_Gregory
Community Manager
Community Manager

CVE_2021_44228 - Handling the log4j lookups critical vulnerability for Qlik Enterprise Manager

Qlik is providing these mitigation steps as a temporary measure. A patch will be provided and linked here; customers are advised to move to the patch as soon as it is available.

 

Environment:

 

 

Mitigation steps to follow Enterprise Manager log4j vulnerability:

 

  1. Stop the Enterprise Manager service. 
  2. Edit the file <installation-root>\Enterprise Manager\java\bin\atajs.bat (<installation-root> typically refers to "C:\Program Files\Attunity")
  3.  Add the string ‐Dlog4j2.formatMsgNoLookups=true in the location shown below (last line of script):

    @Echo off
    REM attunity trend analysis java server configuration/run script

    REM e.g. AT_PROD = C:\Program Files\Attunity\Enterprise Manager\java_server
    for %%A in ("%~dp0..") do set AT_PROD=%%~fA

    REM list plugins here
    SET AT_PLUGIN_LIST=-plugins analytics_ctl

    REM set data directory based on the name of this script
    set AT_DATA_SUFFIX=
    for /F "tokens=2 delims=_" %%A in ("%~n0") do set AT_DATA_SUFFIX=%%A

    if "%AT_DATA_SUFFIX%" == "" (
        set AT_DATA=
    ) else (
        set AT_DATA=-d data_%AT_DATA_SUFFIX%
    )

    SET AT_ANALYTICS=%AT_PROD%\lib\jvm\bin\aemanalytics.exe
    SET AT_EXTERNAL=%AT_PROD%\external
    SET AT_LIB=%AT_PROD%\lib
    SET AT_INFRA_JAR=%AT_LIB%\attunity.infrastructure.jar
    SET AT_PLUGINS=%AT_PROD%\plugins
    SET AT_MAIN=com.attunity.infrastructure.server.PluginServer

    REM                                                           <-------------- Fix Here ------------>
    "%AT_ANALYTICS%" %JAVA_LIB_PATH%  ‐Dlog4j2.formatMsgNoLookups=true -cp "%AT_INFRA_JAR%";"%AT_PLUGINS%"/*;"%AT_EXTERNAL%"/*;"%AT_LIB%"/* %AT_MAIN% %AT_DATA% %AT_PLUGIN_LIST% %*
  4.  Save the file.
  5. Locate the vulnerable log4j-core-<version#>.jar file and rename/move it to ../log4j-core-<version#>.jar-vulnerable.
    $ cd <installation-root>\Enterprise Manager\java\external
    
    $ ren log4j-core-<version#>.jar  ..\log4j-core-<version#>.jar-vulnerable
  6. Download the non-vulnerable jar named log4j-core-nolookup-<version#>.jar  from this page and place it in the same location as the vulnerable jar.
  7. Restart the Enterprise Manager Windows service.

    $ sc stop AttunityEnterpriseManager

    $ sc start AttunityEnterpriseManager

Note that if you have a customized Enterprise Manager start script, you should perform the equivalent edit on your modified start script.

 

For more information on the Log4j vulnerability, please visit the Support Updates Blog post.

Attachments
Comments
Jon_Donker
Contributor
Contributor

Hi - Thanks for the mitigation steps.

Does this impact the functionality of Enterprise manager in any way?

GerardQ
Contributor II
Contributor II

I found the Analytics service no longer works: 

SYS,GENERAL_EXCEPTION,Unable to connect to the remote server

In log file:

[Manager ] [ERROR] The Analytics java server could not start.

 

Antony_05
Contributor III
Contributor III

Hi Team,

 

Please let us know the whether the newly updated mitigation for QEM is working fine or not.?

 

Thanks,

Antony S

GerardQ
Contributor II
Contributor II

@Anthony, the issue with Analytics service was caused by the minus sign character in the adviced remediation pages. I used copy/paste to add the parameter to the JVM and that caused the error. The issue was resolved after manually typing '-'-sign.

Regards, Gerard

Antony_05
Contributor III
Contributor III

Hi,

 

I'm getting an error while renaming the log4j.jar file in the QEM.

ren log4j-core-2.11.1.jar log4j-core-2.11.1.jar-vulnerable

ERROR:
The process cannot access the file because it is being used by another process.

Thanks,

Antony S

 

GerardQ
Contributor II
Contributor II

Did you stop the service first?

Antony_05
Contributor III
Contributor III

Hi, 

No we did not stop the service first ,we followed the steps as its give in this community. Renaming the Log4j . jar file first when we got this error.Should we stop the Replication first and then rename the jar file  followed by replacing it with the new version of jar file provided and then start the Replication again ?

 

Thanks

 

 

 

ChadW
Contributor
Contributor

@GerardQ We also are getting the SYS,GENERAL_EXCEPTION,Unable to connect to the remote server error.  We tried editing the file and typing in the "-", stopped and started the services again, but still get that same error

 

GerardQ
Contributor II
Contributor II

Yes you need to stop the service first.

ChadW
Contributor
Contributor

We had to apply 2021.5 SR4 for it to work

Version history
Last update:
4 weeks ago
Updated by: