How CVE 2022-23307 Affect Products From Synametrics

National Institute of Standards and Technology (NIST) logged in a new vulnerability regarding Chainsaw, which also affected Log4J on Jan 18, 2022. Log4J is a common library from Apache Foundation used in products published by many companies, including the Xeams.

Chainsaw is a GUI-based application that can be used to view log files. Although Xeams does not use this application internally, a third-party library used in Xeams includes this application. Therefore, a user with malicious intent and access to the machine running Xeams could run this application.


Log4J is used in two components:

  1. The application itself. Simply upgrade to the latest build of Syncrify/SynaMan to handle this situation.
  2. AppLauncher.jar, which is used to restart Syncrify/SynaMan. This file is not updated automatically. Therefore, follow the steps below to update this file.
    • Download the update file from here and replace it with the existing file, which is in $INSTALL_DIR\patches folder.
    • Restart SynaMan/Syncrify to ensure it is able to restart itself.

Confirming you're not affected

Follow the steps below to confirm you're not using the affected version.

On Linux

  • Open a Terminal/SSH session and change directory to the $INSTALL_DIR, which will most likely be /opt/Syncrify or /opt/SynaMan
  • Type the following command:
    unzip -l lib/SynaMan.jar | grep -i chainsaw
    unzip -l patches/AppLauncher.jar | grep -i chainsaw
  • None of these commands should return any results. Replace SynaMan.jar with Syncrify.jar if necessary.

On Windows

  • Open a Windows File Explorer and change directory to the installation folder, which could be either in C: or in C:\Program Files
  • Copy patches/AppLauncher.jar to another folder, such as C:\Temp .
  • Rename the file from AppLauncher.jar to
  • Double click the file to open the zipped archive.
  • Ensure you do not see a sub-folder called org\apache\log4j\chainsaw.
  • Repeat this process with SynaMan.jar or Syncrify.jar, whichever is applicable in your case.

Related Articles


Social Media

Powered by