Update on the recent Apache Log4j2 vulnerabilities - Impact on Zoho Analytics On Premise Deployments

Update on the recent Apache Log4j2 vulnerabilities - Impact on Zoho Analytics On Premise Deployments

Dear Users,
 
Three high severity vulnerabilities (CVE- 2021-44228, CVE-2021-45105 and CVE-2021-45046), impacting multiple versions of Apache Log4j utility, was disclosed publicly on December 9, 2021. We have found no evidence of any successful exploitation in Zoho Analytics On Premise software as of today. We are continuing to analyse the issue and will provide updates of any new findings.
 
However the affected log4j version is present within Zoho Analytics On Premise as a bundled dependency, hence we strongly recommend all our customers to follow the below steps as a precautionary measure:
 
Linux users:
  • Open a terminal and navigate to "Analytics/lib/".
  • Execute the command "zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class".
  • Restart Zoho Analytics On Premise service.
Windows users:
  • Download and install 7-Zip from the 7-Zip home page
  • After installing 7-Zip, open a command prompt and navigate to the 7-Zip installation folder (ex: C:\Program Files\7-Zip\).
  • Now execute the command: "7z d <Zoho_Analytics_installed_Location>\Analytics\lib\log4j-core-2.7.jar org\apache\logging\log4j\core\lookup\JndiLookup.class". This will look like "7z d C:\Zoho\Analytics\lib\log4j-core-2.7.jar org\apache\logging\log4j\core\lookup\JndiLookup.class"
  • Restart Zoho Analytics On Premise service.
Note: These vulnerabilities will be fixed in Zoho Analytics On Premise from build 5070 (upcoming). The above steps are applicable only if your Zoho Analytics On Premise is on build 5000, 5010, 5020, 5030, 5050, and 5060. The rest of the Zoho Analytics On Premise builds are not affected.
 
Important Note: Zoho Analytics cloud service is also not affected by these vulnerabilities. Please refer to this link for more details on this.
 
For any additional details or assistance, please reach out to us at onprem-support@zohoanalytics.com
 
Last updated on : 22nd Dec 2021 09:15 GMT

    • Sticky Posts

    • Announcing Zoho Analytics 6.0 Beta!

      We are delighted to open up the next major version, Zoho Analytics 6.0 Beta! The new version comes packed with a wide range of functionalities for all persona, namely business users, data analysts, data engineers, and data scientists. Zoho Analytics team
    • What's New in Zoho Analytics - August 2024

      Hello Users! We are back with the latest updates and enhancements made to Zoho Analytics. Keep reading to learn more about them. Connect to the data hosted in the cloud without allow-listing the IP addresses Utilize Zoho Databridge to connect to the data
    • We are coming to your city! Zoho Analytics Community Meetup

      Hello, business leaders and data enthusiasts! We are delighted to announce that registrations are now open for the ZUG meetups, and we can't wait for you to be a part of them. Our in-house analytics experts are geared up to lead discussions on constructing
    • Zoho Analytics: 2021 Look Back

      As we start a new year in 2022, here's some of our top moments from 2021. Zoho Analytics in 2021
    • [Customer Talk] PREMO Group's Analyst Interview at Zoho Day 2022

      Premo Group, a 50 year old Spanish Manufacturing Company, has been our long-standing customer with #ZohoAnalytics. They've been using our platform for their end-to-end, unified business analytics solution.  Hear more from Claudio Cabeza, Director at PREMO