How CVE-2019-17571 Affect Products From Synametrics

National Institute of Standards and Technology (NIST) logged in a new vulnerability regarding Log4J on Dec 20, 2019. Log4J is a common library from Apache Foundation used in products published by numerous companies. Following products from Synametrics Technologies also use this library:

Although the affected version of the library is used in products published by Synametrics, the actual file with the problem is not. The vulnerability affects products that use SocketServer class in Log4J, which is used to send logged messages to a remote computer using TCP/IP sockets.

Log files in products from Synametrics are only written to local disks, not across the network.

Patching Your End

Although none of the products are affected, out of an abundance of caution, follow the steps below if you would like to patch this library on your end.

  • Download a modified version of log4j.jar from here. This modified version does not contain SocketServer class, which is causing the problem. Since this class is not used, you will not get any runtime errors.
  • The MD5 signature of the downloaded file should be 22486aa01a6352b8c6068cf9dd545221
  • Stop the Xeams
  • Replace the downloaded file with the one on your machine. Use the following table to determine the actual location:
    Software Operating System Location
    Xeams Windows C:\Xeams\lib
    Xeams Linux /opt/Xeams/lib
  • Restart Xeams once file is replaced

Note

  • Newer installers from Synametrics will included this modified version of the file and therefore, no patching will be required in that case.
  • There is no separate JAR file for Log4J when using Syncrify/SynaMan. This update library is part of the latest software patch

Navigation

Social Media

Powered by 10MinutesWeb.com