How CVE-2021-4104 Affects Products From Synametrics


The National Institute of Standards and Technology (NIST) logged a new vulnerability regarding Log4J on Dec 19, 2021. Log4J is a common library from the Apache Foundation used in products published by numerous companies. The following products from Synametrics Technologies also use this library:


Although the affected version of the library is used in products published by Synametrics, the actual file with the problem is not. The vulnerability affects products that use the JMSAppender class in Log4J, which is used to send logged messages to a remote computer using JMS Messaging.

Log files in products from Synametrics are only written to local disks, not across the network.

Patching Your End

Although none of the products are affected, out of an abundance of caution, follow the steps below if you would like to patch this library on your end.

Xeams

  • Download a modified version of log4j.jar from here. This modified version does not contain the JMSAppender class, which is causing the problem. Since this class is not used, you will not get any runtime errors.
  • The MD5 checksum of the downloaded file should be 22486aa01a6352b8c6068cf9dd545221
  • Stop Xeams
  • Replace the file on your machine with the downloaded file. Use the following table to determine the actual location:
    Software   Operating System   Location
    Xeams      Windows            C:\Xeams\lib
    Xeams      Linux              /opt/Xeams/lib
  • Restart Xeams once the file is replaced
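
One way to check the download and the result of the replacement, as an added example that is not code from Synametrics: it computes the MD5 of a log4j.jar and lists any JMSAppender or SocketServer class entries still inside it. The function names and the constructed sample jar are assumptions; the class paths are the standard Log4j 1.x package locations and the expected MD5 is the value quoted in the steps above.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# Value quoted on this page for the modified Xeams log4j.jar.
EXPECTED_MD5 = "22486aa01a6352b8c6068cf9dd545221"
# Log4j 1.x classes the page says are removed, as jar entry prefixes.
FLAGGED_PREFIXES = (
    "org/apache/log4j/net/JMSAppender",
    "org/apache/log4j/net/SocketServer",
)


def md5_hex(path):
    """Return the MD5 hex digest of a file, read in blocks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def flagged_entries(path):
    """List .class entries in the jar that belong to a flagged class."""
    with zipfile.ZipFile(path) as jar:
        return sorted(
            name for name in jar.namelist()
            if name.endswith(".class") and name.startswith(FLAGGED_PREFIXES)
        )


def audit_jar(path, expected_md5=None):
    """Summarise a jar: digest, digest match (if requested), flagged classes."""
    digest = md5_hex(path)
    ok = None if expected_md5 is None else digest == expected_md5.lower()
    return {"md5": digest, "md5_ok": ok, "flagged": flagged_entries(path)}


def build_sample_jar(path, entries):
    """Write a constructed stand-in jar (placeholder bytes, not real classes)."""
    with zipfile.ZipFile(path, "w") as jar:
        for name in entries:
            jar.writestr(name, b"constructed placeholder")


if __name__ == "__main__":
    sample = Path(tempfile.mkdtemp()) / "log4j.jar"
    build_sample_jar(sample, ["org/apache/log4j/Logger.class",
                              "org/apache/log4j/net/JMSAppender.class"])
    print(audit_jar(sample, EXPECTED_MD5))
```

For a patched jar the `flagged` list should be empty. Point `audit_jar` at the jar in the Xeams `lib` directory from the table above once the file has been replaced.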

Syncrify

A new version of Syncrify (v5.3) will be released publicly around Jan 05, 2022. This version will not contain JMSAppender and SocketServer classes. Click here to download a pre-release edition of v5.3. This link will not work after Jan 17, 2022. Follow these instructions in order to patch Syncrify on your end. You will need a valid support contract in order to upgrade.

SynaMan

An official update for SynaMan that does not include the affected (JMSAppender and SocketServer) classes was released on January 03, 2022. You will need a valid support contract in order to upgrade.
