CVSS3: 10 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.975 High (Percentile 99.9%)
There is a vulnerability in the Apache Log4j open source library used by IBM Financial Crimes Insight for Claims Fraud for generating logs in some of its components. This bulletin provides mitigations for the Log4Shell vulnerability (CVE-2021-44228) by applying the applicable workaround steps to IBM Financial Crimes Insight for Claims Fraud.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
Financial Crimes Insights Platform | All |
CFM - Banking, Healthcare, Insurance, Government | All |
The recommended solution is to apply the fix for Elastic Search and Hadoop as described in the steps below as soon as possible.

Steps for Elastic Search:

To fix the log4j vulnerability in Elastic Search for IBM Financial Crimes Insight for Claims Fraud, complete the following steps:

1. Log into the OpenShift cluster from the Ambari server using `oc login`.
2. Ensure all Elastic Search pods are healthy and Running:

    oc get po | grep fci-elasticsearch

3. Set the JVM property that applies the log4j fix by running the following commands (the patch adds `-Dlog4j2.formatMsgNoLookups=true` to `ES_JAVA_OPTS` in each StatefulSet):

    oc patch sts fci-elasticsearch-master -p '{"spec":{"template":{"spec":{"containers":[{"name":"elasticsearch","env":[{"name":"ES_JAVA_OPTS","value":"-Dlog4j2.formatMsgNoLookups=true"}]}]}}}}'
    oc patch sts fci-elasticsearch-data -p '{"spec":{"template":{"spec":{"containers":[{"name":"elasticsearch","env":[{"name":"ES_JAVA_OPTS","value":"-Dlog4j2.formatMsgNoLookups=true"}]}]}}}}'
    oc patch sts fci-elasticsearch-client -p '{"spec":{"template":{"spec":{"containers":[{"name":"elasticsearch","env":[{"name":"ES_JAVA_OPTS","value":"-Dlog4j2.formatMsgNoLookups=true"}]}]}}}}'

   The Elastic Search pods are restarted automatically after the commands are executed.
4. Ensure all Elastic Search pods have restarted:

    oc get po | grep fci-elasticsearch

5. Verify that the log4j fix is applied successfully: the JVM process now starts with the new JVM argument `-Dlog4j2.formatMsgNoLookups=true`.

    oc exec fci-elasticsearch-data-0 -- ps aux
    oc exec fci-elasticsearch-master-0 -- ps aux
Steps for Hadoop:

To fix the log4j vulnerability in Hadoop for IBM Financial Crimes Insight for Claims Fraud, complete the following steps:

Download the cloudera-scripts-for-log4j-main.zip file and copy it to all the Hadoop nodes. Then do the following steps on every Hadoop node:

1. Copy the cloudera-scripts-for-log4j-main.zip file to /root/.
2. Run the following commands to extract the .zip file:

    cd /root
    unzip cloudera-scripts-for-log4j-main.zip

3. Run the following command and note down the top-level folder names that appear in the results, such as `/usr`, `/fcigraph`, `/grid`, etc. (the pattern is quoted so the shell does not expand it before `find` sees it):

    find / -name 'log4j*.jar' > list_of_impacted_jars.txt

4. Create a backup folder with the following command:

    mkdir /log4j_backup

5. Run the following command for each folder to apply the fix:

    ./run_log4j_patcher.sh hdp -t /usr/ -b /log4j_backup > patch.log 2>&1 &

   Note: In the above command, replace /usr/ with each of the folder names found in step 3, such as /fcigraph/, /grid/, etc. This process may take 10 to 15 minutes.

6. Run the following commands to verify:

    cd /log4j_backup
    find . -name '*.backup'

   Note: This lists all the impacted .jar files that were patched; the list should match list_of_impacted_jars.txt.
hive and oozie).
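As an added check (not from the IBM bulletin or from the cloudera-scripts-for-log4j project), the POSIX shell helpers below verify the two outcomes the steps above describe: that the Elasticsearch JVM command line carries `-Dlog4j2.formatMsgNoLookups=true`, and that every jar in list_of_impacted_jars.txt has a .backup under /log4j_backup. The sample ps line and file lists are constructed, and the backup naming scheme (the original path plus `.backup`, below the backup directory) is an assumption.

```shell
#!/bin/sh
# Added verification helpers for the two post-fix checks described above.
# Not part of the IBM bulletin or of cloudera-scripts-for-log4j.

# Elasticsearch: read a `ps aux` listing on stdin (e.g. the output of
# `oc exec fci-elasticsearch-data-0 -- ps aux`) and succeed only if a
# java process was started with -Dlog4j2.formatMsgNoLookups=true.
es_flag_present() {
  grep -- 'java' | grep -q -F -- '-Dlog4j2.formatMsgNoLookups=true'
}

# Hadoop: every jar listed in list_of_impacted_jars.txt ($1) should have an
# entry in the `find . -name '*.backup'` output taken in /log4j_backup ($2).
# ASSUMPTION: the patcher stores each backup as <original path>.backup below
# the backup dir, e.g. ./usr/x/log4j-core.jar.backup for /usr/x/log4j-core.jar.
# Prints every jar without a backup; returns 1 if any is missing, else 0.
missing_backups() {
  list=$1; backups=$2; rc=0
  while IFS= read -r jar; do
    [ -n "$jar" ] || continue
    if ! grep -q -F -- "${jar}.backup" "$backups"; then
      printf '%s\n' "$jar"
      rc=1
    fi
  done < "$list"
  return "$rc"
}

# --- constructed sample inputs (not captured from a real FCI cluster) ---
PS_PATCHED='elastic 1 0.1 4.0 ? Ssl 12:00 0:09 /usr/share/elasticsearch/jdk/bin/java -Xms1g -Dlog4j2.formatMsgNoLookups=true org.elasticsearch.bootstrap.Elasticsearch'
PS_UNPATCHED='elastic 1 0.1 4.0 ? Ssl 12:00 0:09 /usr/share/elasticsearch/jdk/bin/java -Xms1g org.elasticsearch.bootstrap.Elasticsearch'

WORK=$(mktemp -d)
printf '%s\n' /usr/lib/example/log4j-core-2.11.1.jar \
  /fcigraph/lib/log4j-core-2.11.1.jar \
  /grid/app/log4j-core-2.13.3.jar > "$WORK/list_of_impacted_jars.txt"
# Backup listing in which the /grid jar was never patched.
printf '%s\n' ./usr/lib/example/log4j-core-2.11.1.jar.backup \
  ./fcigraph/lib/log4j-core-2.11.1.jar.backup > "$WORK/backups.txt"

printf '%s\n' "$PS_PATCHED" | es_flag_present && echo "ES sample 1: mitigation flag present"
printf '%s\n' "$PS_UNPATCHED" | es_flag_present || echo "ES sample 2: flag missing, not mitigated"
MISSING=$(missing_backups "$WORK/list_of_impacted_jars.txt" "$WORK/backups.txt") \
  || echo "Hadoop: jars without a backup (not patched): $MISSING"
```

On a real node, feed the actual `ps aux` output and the two real file listings to the same functions; any jar printed by `missing_backups` is a folder that still needs step 5.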
CPE | Name | Operator | Version |
---|---|---|---|
| financial crimes insights platform | eq | any |
| cfm - banking, healthcare, insurance, government | eq | any |