Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Jan 25, 2022 7:48:24 AM
Dec 13, 2021 3:29:16 PM
Qlik is providing these mitigation steps as a temporary measure. A patch will be provided and linked here; customers are advised to move to the patch as soon as it is available.
Patches are available. See Vulnerability Testing - Apache Log4j, reference CVE-2021-44228 (also referred to as Log4Shell) for your release and the relevant patch.
Upgrade at the earliest.
@Echo off
REM attunity trend analysis java server configuration/run script
REM e.g. AT_PROD = C:\Program Files\Attunity\Enterprise Manager\java_server
for %%A in ("%~dp0..") do set AT_PROD=%%~fA
REM list plugins here
SET AT_PLUGIN_LIST=-plugins analytics_ctl
REM set data directory based on the name of this script
set AT_DATA_SUFFIX=
for /F "tokens=2 delims=_" %%A in ("%~n0") do set AT_DATA_SUFFIX=%%A
if "%AT_DATA_SUFFIX%" == "" (
set AT_DATA=
) else (
set AT_DATA=-d data_%AT_DATA_SUFFIX%
)
SET AT_ANALYTICS=%AT_PROD%\lib\jvm\bin\aemanalytics.exe
SET AT_EXTERNAL=%AT_PROD%\external
SET AT_LIB=%AT_PROD%\lib
SET AT_INFRA_JAR=%AT_LIB%\attunity.infrastructure.jar
SET AT_PLUGINS=%AT_PROD%\plugins
SET AT_MAIN=com.attunity.infrastructure.server.PluginServer
REM <-------------- Fix Here ------------>
"%AT_ANALYTICS%" %JAVA_LIB_PATH% ‐Dlog4j2.formatMsgNoLookups=true -cp "%AT_INFRA_JAR%";"%AT_PLUGINS%"/*;"%AT_EXTERNAL%"/*;"%AT_LIB%"/* %AT_MAIN% %AT_DATA% %AT_PLUGIN_LIST% %*
$ cd <installation-root>\Enterprise Manager\java\external
$ ren log4j-core-<version#>.jar ..\log4j-core-<version#>.jar-vulnerable
log4j-core-nolookup-<version#>.jar
from this page and place it in the same location as the vulnerable jar.$ sc stop AttunityEnterpriseManager
$ sc start AttunityEnterpriseManager
Note that if you have a customized Enterprise Manager start script, you should perform the equivalent edit on your modified start script.
For more information on the Log4j vulnerability, please visit the Support Updates Blog post.
group:
1. you would need to stop the QEM service first.
2. when download the log4j-core-nolookup-<version#>.jar , make sure that you use the correct version that you rename .
3. then you would need to start the QEM service after replacing the log4j-core-nolookup-<version#>.jar file.
i tested on 7.7 sp9 ( 7.0.0.1566 ) without any issue.
and 2021.5 sp8 (2021.5.0.498) without any issue.
NOTES: that if you were on 7.7xx and already apply the nolookup jar file . then you upgrade to 2021.5xx kit. you would need to redo all the steps again.
Hi,
As you mentioned, I tried the full process again after stopping the QEM service. But I'm facing the same error.
ERROR:
The process cannot access the file because it is being used by another process.
And the QEM version that I'm using is (Version 7.0.0.461)
Thanks,
Antony S