How do we remediate the vulnerability of xPlore due to outdated log4j exploits
xPlore vulnerability remediation steps
- Stop the xPlore service.
- In the sftp site, download the file "Log4J_files.zip".
sftp://resellersftp.metasource.com/xPlore/20.2/
username: techsupport
password: (request by emailing support@metasource.com) - Extract this zip file. It contains the replacements for the old vulnerable .jar files.
- Clean up xPlore:
- Delete these files (they are not needed for basic xPlore functionality):
..\xplore\contextual-content\cce.war
..\xplore\recommendation\recommendation.war - Replace this file with the replacement log4j jar file from the zip.
..\xplore\setup\indexagent\tools\lib\log4j-1.2.17.jar
..\xplore\wildfly17.0.1\server\DctmServer_PrimaryDsearch\deployments\dsearchadmin.war\WEB-INF\lib\log4j-1.2.13.jar
..\xplore\wildfly17.0.1\server\DctmServer_PrimaryDsearch\deployments\dsearch.war\WEB-INF\lib\log4j-1.2.17.jar - Rename each .war file below with a .zip extension.
..\xPlore\setup\dsearch\cps.war
..\xPlore\setup\dsearch\dsearch.war
..\xPlore\setup\dsearch\dsearchadmin.war - Open each of them up like a zip file, then browse to the folder path below for each file:
- cps.war\WEB-INF\lib
- dsearch.war\WEB-INF\lib
- dsearchadmin.war\WEB-INF\lib - Delete the log4j-1.2.x.jar files inside each lib folder.
- Delete the slf4j-api-1.7.x.jar files inside each lib folder.
- Copy the replacement .jar files from the .zip in their place:
- log4j-1.2.20.jar
- slf4j-api-1.7.36.jar - Rename the files from step 4 back to the original names with the .war extensions.
- Do a file search in the xPlore directory for log4j*. If any results are returned for log4j-1.2.17 (or earlier), replace it with the log4j-.1.2.20.jar file from the zip file.
- Delete these files (they are not needed for basic xPlore functionality):