Fix available for Apache Log4j security vulnerabilities CVE-2021-44228 and CVE-2021-45046


BMC Software is alerting users to a serious problem that requires immediate attention in version 20.08.x of the BMC Helix Connector Designer product. 

If you have any questions about the problem, contact BMC Support.

December 23, 2021

A zero-day exploit for the following vulnerabilities was publicly released:

  • CVE-2021-44228 (code named Log4Shell) on December 9, 2021
  • CVE-2021-45046 on December 14, 2021

A detailed description of the vulnerability can be found on the Apache Log4j Security Vulnerabilities page.

Please follow the BMC Security Advisory Note on BMC Community for continuous updates and details about this issue.

We recommend that you immediately apply the fix as described in this topic.

Issue

| Defect ID | CVSS v3 rating | Description |
|---|---|---|
| DRISR-8427 | 10.0 | Apache Log4j Security Vulnerability (CVE-2021-44228) is identified in BMC Helix Connector Designer. |
| DRISR-8437 | 9.0 | Apache Log4j Security Vulnerability (CVE-2021-45046) is identified in BMC Helix Connector Designer. |

Resolution

To resolve the issue for your custom Java-based connectors, reinstall the BMC Helix Connector Designer, and then regenerate the custom Java connectors. 

To reinstall BMC Helix Connector Designer

  1. Log in to the system where the BMC Helix Connector Designer is installed. 
  2. Run the following command to uninstall the current version of BMC Helix Connector Designer:
    docker rm -f panama-rcb
  3. To reinstall the BMC Helix Connector Designer, see the "To set up the connector development environment" section in Installing and setting up the connector development environment.
  4. To make sure that your existing connectors are available in the updated BMC Helix Connector Designer setup, restart the Integration Controller.
    1. To open BMC Helix Connector Designer in your browser, navigate to https://localHost:3000/.
    2. From the top menu, select Integration Controller.
    3. Click Stop, and then click Start.


To regenerate custom Java-based connectors

  1. Log in to BMC Helix Connector Designer.
  2. On the Connectors tab, select the Java-based connector. 
  3. On the General Information tab of your connector page, update the version number or select Auto-update.
  4. Generate the connector. For more details on generating connector files, see Building connectors.
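
To confirm that regenerated connectors no longer bundle an affected log4j-core, the packaged archives can be scanned, including JARs nested inside other JARs. The following Python script is an added example, not BMC tooling; the directory to scan is an assumption you pass as an argument, and it flags any bundled log4j-core below 2.16.0, so backport releases on older lines also show up for manual review.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 16, 0)  # Apache's fix for CVE-2021-45046 on the main 2.x line
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def core_version(zf):
    """Return the bundled log4j-core version as a tuple, or None if undeclared."""
    if POM_PROPS not in zf.namelist():
        return None
    text = zf.read(POM_PROPS).decode("utf-8", "replace")
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label, findings):
    """Inspect one archive given as bytes, then recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; nothing to inspect
    with zf:
        names = zf.namelist()
        version = core_version(zf)
        has_jndi = JNDI_CLASS in names
        if version is not None and version < FIXED:
            findings.append((label, ".".join(map(str, version)), has_jndi))
        elif version is None and has_jndi:
            # Shaded or repackaged copy without Maven metadata: version unknown.
            findings.append((label, "unknown", True))
        for name in names:
            if name.lower().endswith(ARCHIVE_EXT):
                scan_archive(zf.read(name), f"{label}!{name}", findings)

def scan_tree(root):
    """Scan every archive under root; return (path, version, has_jndi) tuples."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            scan_archive(path.read_bytes(), str(path), findings)
    return findings

if __name__ == "__main__":
    # Directory holding the generated connector files (assumed; pass your own).
    for label, version, has_jndi in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"REVIEW {label}: log4j-core {version}, JndiLookup.class={has_jndi}")
```

An empty result means no archive under the directory declares a log4j-core older than 2.16.0 or carries an unversioned copy of JndiLookup.class.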


 
