Raytion Enterprise Search Connectors are not affected by CVE-2021-44228 since they do not use log4j2.
All Raytion Enterprise Search Connectors use log4j1 version which is not vulnerable to CVE-2021-44228. We have done additional analysis and a similar vulnerability can only be exploited if all of the following non-default configurations are in place:
There do exist a few CVEs for log4j which all are not affecting our Raytion Enterprise Search Connectors:
It may be worthwhile checking if the connector configuration has been adapted by you.
Please note: Raytion does not deliver any Raytion Enterprise Search Connector product with those non-default settings.
Quick fix:
Linux and Windows command line:
Set -Dlog4j2.formatMsgNoLookups=true as JVM_PARAMS in ext/setenv.(sh|bat)
Windows Service:
Add -Dlog4j2.formatMsgNoLookups=true as procrun parameters
Resolution:
The following additional CVE within log4j2 does not affect Raytion SRI:
CVE-2021-45046: Thread Context Map not used by SRI; pattern not used and not exploitable. Other Context Lookups not part of default SRI log patterns.
Please refer to “Raytion Search & Retrieval Interface”.
Raytion CSM prior to version 7.x is also not vulnerable to CVE-2021-44228 as these versions use log4j version 1. We have done additional analysis and a similar vulnerability can only be exploited if all of the following non-default configurations are in place:
There do exist a few CVEs for log4j which all are not affecting our Raytion CSM
It may be worthwhile checking if the connector configuration has been adapted by you.
Raytion does not deliver any Raytion CSM product with those non-default settings.
The following references may be of further help for you and your IT teams making sure you are protected from attacks against VE-2021-44228.
Update 2021-12-14, 9pm CET via announce@apache.org: log4j2.16.0 fixes another, moderate CVE present in previous versions. Refer to https://logging.apache.org/log4j/2.x/security.html
Microsoft 365 is the heart of many digital workplaces at our customers. It offers means to implement modern intranets and portals, co-authoring, communication, and much more. Among many knowledge retrieval initiatives, key to accessing knowledge in Microsoft 365 is Microsoft Search. This guide outlines how you can implement an enterprise search based on Microsoft Search.
Microsoft 365 ist das Herz vieler digitaler Arbeitsplätze bei unseren Kunden. Es bietet Mittel zur Implementierung moderner Intranets und Portale, Co-Authoring, Kommunikation und vieles mehr. Unter vielen Knowledge Retrieval Initiatives ist Microsoft Search der Schlüssel zum Zugriff auf Wissen in Microsoft 365. In diesem Leitfaden wird beschrieben, wie Sie eine Unternehmenssuche basierend auf Microsoft Search implementieren können.
Google Cloud Search ist die Suchmaschine von Google Workspace und damit das Herzstück des digitalen Arbeitsplatzes von Google. Die Suche ist eng in die Google-Anwendungen integriert, aber man kann sie ebenfalls ins Intranet integrieren oder als eigenständige Suchmaschine verwenden. Dieser Guide beschreibt, wie Sie eine Unternehmenssuche basierend auf Google Cloud Search implementieren können.
