> For the complete documentation index, see [llms.txt](https://knowledge.illumina.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://knowledge.illumina.com/microarray/lims/microarray-lims-reference_material-list/000006336.md).

# Investigation of Log4j Vulnerability with Illumina LIMS

On December 10, 2021, Illumina was made aware of vulnerabilities in the Apache Log4j software suite. This software component is a Java-based logging utility and part of the Apache Logging Services Foundation products. Illumina uses this software as part of certain components of the Illumina LIMS product.

Issues addressed:\
CVE-2021-44228 CVSS 10.0 **Critical** (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\
CVE-2021-45046 CVSS 9.0 **Critical** (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\
CVE-2021-44832 CVSS 3.1 **Medium** (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\
For both products, reference <https://logging.apache.org/log4j/2.x/security.html>

Illumina takes Data Privacy and Security issues very seriously, and we hope this information helps alleviate any concerns about this vulnerability. If you have any questions, contact <techsupport@illumina.com>.

**Steps required to remedy Log4j vulnerability on Illumina LIMS servers**

1. Log into Illumina LIMS server - either directly or with Windows Remote Desktop.
2. Search for Monitor Tomcat in the Windows start menu, and launch it.\
   ![](/files/NYgbVV4bIOuMbqSSN2Hx)
3. Navigate to the Java tab, and perform the following: \* Add the line to the **Java Options**: -Dlog4j2.formatMsgNoLookups=True

* Select **Apply**.
* Select **OK**.

  ![](/files/u84fye3fo2JOSwCmee4q)

4. Alternatively, the fix can be applied via the system environmental variables.

* Use Windows Search to find **Edit the system environment variables**.
* Select the \*\*Environment Variables...\*\*button.
* Select **New** below the list of **System variables**.
* In the **New System Variable** window, enter in **Variable name:**
  * log4j2.formatMsgNoLookup with the Variable Value: ‘true’
* See section highlighted in the following screenshot:

  ![](/files/7YMc7APvLjNSHNjCxdDY)
* Select **OK**.

5. Restart Tomcat Service:

* Navigate to **Services** using the Start menu.
* Select **IlluminaLIMS\_Tomcat9**.
* Select **Stop the service** in the left column.
* Select **Start the service**.

  ![](/files/pREU1H500qq54acIfJd5)

6. Log out of the LIMS server.
7. Notify Illumina Tech Support. For tracking and management purposes, email <techsupport@illumina.com> to inform Tech Support that the fix is in place.

\
\
\ <br>

|                                                                                                                                                                                                                                                                                                                                                                   |
| :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
| *For any feedback or questions regarding this article (Illumina Knowledge Article #6336), contact Illumina Technical Support* [*techsupport@illumina.com*](mailto:techsupport@illumina.com?subject=Question%2FFeedback%20Regarding%20Illumina%20Knowledge%20Article%20#000006336%20-%20Microarray%20\&body=Dear%20Illumina%20Technical%20Support,%0D%0A%0D%0A)*.* |


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://knowledge.illumina.com/microarray/lims/microarray-lims-reference_material-list/000006336.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.