Illumina Connected Software Illumina.com Illumina Support

Investigation of Log4j Vulnerability with Illumina LIMS

On December 10, 2021, Illumina was made aware of vulnerabilities in the Apache Log4j software suite. This software component is a Java-based logging utility and part of the Apache Logging Services Foundation products. Illumina uses this software as part of certain components of the Illumina LIMS product.

Issues addressed: CVE-2021-44228 CVSS 10.0 Critical (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) CVE-2021-45046 CVSS 9.0 Critical (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) CVE-2021-44832 CVSS 3.1 Medium (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) For both products, reference https://logging.apache.org/log4j/2.x/security.html

Illumina takes Data Privacy and Security issues very seriously, and we hope this information helps alleviate any concerns about this vulnerability. If you have any questions, contact techsupport@illumina.com.

Steps required to remedy Log4j vulnerability on Illumina LIMS servers

Log into Illumina LIMS server - either directly or with Windows Remote Desktop.
Search for Monitor Tomcat in the Windows start menu, and launch it.
Navigate to the Java tab, and perform the following: * Add the line to the Java Options: -Dlog4j2.formatMsgNoLookups=True

Select Apply.
Select OK.

Alternatively, the fix can be applied via the system environmental variables.

Use Windows Search to find Edit the system environment variables.
Select the **Environment Variables...**button.
Select New below the list of System variables.
In the New System Variable window, enter in Variable name:
- log4j2.formatMsgNoLookup with the Variable Value: ‘true’
See section highlighted in the following screenshot:
Select OK.

Restart Tomcat Service:

Navigate to Services using the Start menu.
Select IlluminaLIMS_Tomcat9.
Select Stop the service in the left column.
Select Start the service.

Log out of the LIMS server.
Notify Illumina Tech Support. For tracking and management purposes, email techsupport@illumina.com to inform Tech Support that the fix is in place.

For any feedback or questions regarding this article (Illumina Knowledge Article #6336), contact Illumina Technical Support techsupport@illumina.com.

Last updated 6 months ago

© 2023 Illumina, Inc. All rights reserved. All trademarks are the property of Illumina, Inc. or their respective owners. Trademark information: illumina.com/company/legal.html. Privacy policy: illumina.com/company/legal/privacy.html

Steps required to remedy Log4j vulnerability on Illumina LIMS servers

Log into Illumina LIMS server - either directly or with Windows Remote Desktop.
Search for Monitor Tomcat in the Windows start menu, and launch it.
Navigate to the Java tab, and perform the following: * Add the line to the Java Options: -Dlog4j2.formatMsgNoLookups=True

Select Apply.
Select OK.

Alternatively, the fix can be applied via the system environmental variables.

Use Windows Search to find Edit the system environment variables.
Select the **Environment Variables...**button.
Select New below the list of System variables.
In the New System Variable window, enter in Variable name:
- log4j2.formatMsgNoLookup with the Variable Value: ‘true’
See section highlighted in the following screenshot:
Select OK.

Restart Tomcat Service:

Navigate to Services using the Start menu.
Select IlluminaLIMS_Tomcat9.
Select Stop the service in the left column.
Select Start the service.

Log out of the LIMS server.
Notify Illumina Tech Support. For tracking and management purposes, email techsupport@illumina.com to inform Tech Support that the fix is in place.

For any feedback or questions regarding this article (Illumina Knowledge Article #6336), contact Illumina Technical Support techsupport@illumina.com.