Welcome
Search…
Welcome
ODIN
ODIN Releases Changelog
ODIN User and Administration Guide - release 1.3.5.514
ODIN User and Administration Guide - release 1.2.3.412
ODIN User and Administration Guide - release 1.1.2.350
ODIN User and Administration Guide - release 1.1.1.340
ODIN User and Administration Guide - release 1.0.0.303
ODIN User and Administration Guide - release 1.0.0.270
Livepoint X
Livepoint X Releases Changelog
Livepoint X R4 Minimum hardware requirements
PI Vision Alarms Symbol
PI Vision Alarms Add-in Changelog
PI Vision Alarms Add-in User and Administration Guide
Batch & RtReports Synchronization Utility
Batch & RtReports synchronization Releases Changelog
Batch & RtReports synchronization user and administration guide
Notifications and Escalations
Notifications and Escalations Changelog
Announcements
End of Life Announcements
Security Announcements
Powered By GitBook
Security Announcements

Log4J CVE-2021-44228

2021-12-10, Apache Solr affected by Apache Log4J CVE-2021-44228
As detailed below in light of the recent log4j announcement an evaluation has been conducted by TQS to detail any affected software provided by TQS. As part of the Livepoint X platform, Apache Solr is utilized to provide indexing and as such Apache Solr itself has a dependency on Log4j. It is advised by Apache that only public facing instances of this software are most at risk and as such Apache Solr deployments as part of the Livepoint X stack are not under immediate threat.
The recommended actions to mitigate this threat if the customer so deems necessary is to disable the option which allows this execution as detailed below. An upcoming release of Livepoint X platform will mitigate this risk by upgrading the version of Apache Solr deployed.

Livepoint X Versions which deploy Affected SOLR Versions

Versions Affected: All 1.3 and 1.4 versions

Apache Solr Summary of Impact

Severity: Critical
Versions Affected: 7.4.0 to 7.7.3, 8.0.0 to 8.11.0
Description: Apache Solr releases prior to 8.11.1 use a bundled version of the Apache Log4J library vulnerable to RCE. For full impact and additional detail consult the Log4J security page.
Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 through 7.3) use log4j 1.2.17 which may be vulnerable for installations using non-default logging configurations that include the JMS Appender (see https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 for further details).
The Prometheus Exporter Contrib is similarly separately affected.

Mitigation

Any of the following are enough to prevent this vulnerability for Solr servers:
Announcements - Previous
End of Life Announcements
Last modified 6mo ago
Copy link
Contents
Log4J CVE-2021-44228