# Investigation of Log4j Vulnerability with Illumina LIMS

On December 10, 2021, Illumina was made aware of vulnerabilities in the Apache Log4j software suite. This software component is a Java-based logging utility and part of the Apache Logging Services Foundation products. Illumina uses this software as part of certain components of the Illumina LIMS product.

Issues addressed:\
CVE-2021-44228 CVSS 10.0 **Critical** (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\
CVE-2021-45046 CVSS 9.0 **Critical** (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\
CVE-2021-44832 CVSS 3.1 **Medium** (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\
For both products, reference <https://logging.apache.org/log4j/2.x/security.html>

Illumina takes Data Privacy and Security issues very seriously, and we hope this information helps alleviate any concerns about this vulnerability. If you have any questions, contact <techsupport@illumina.com>.

**Steps required to remedy Log4j vulnerability on Illumina LIMS servers**

1. Log in to the Illumina LIMS server, either directly or with Windows Remote Desktop.
2. Search for Monitor Tomcat in the Windows start menu, and launch it.\
   ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-53175b68f3e1093fad5ac3aa0cbc8b75c3e424cb%2Fimage1.jpg?alt=media\&token=3611076b-a770-4925-b35a-6f4900633359)
3. Navigate to the Java tab, and perform the following:

* Add the line to the **Java Options**: -Dlog4j2.formatMsgNoLookups=True
* Select **Apply**.
* Select **OK**.

  ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-c40d8bbb0feb0a3f7c8a3d042f58a391938a8632%2Fimage2.jpg?alt=media\&token=daa32368-2520-4100-a541-b00e156d2e52)

4. Alternatively, the fix can be applied via the system environment variables.

* Use Windows Search to find **Edit the system environment variables**.
* Select the **Environment Variables...** button.
* Select **New** below the list of **System variables**.
* In the **New System Variable** window, enter in **Variable name:**
  * log4j2.formatMsgNoLookup with the Variable Value: ‘true’
* See section highlighted in the following screenshot:

  ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-45b2c94e7e047ca22852ecffe3820db74649be61%2Fimage3.jpg?alt=media\&token=00b2543b-40ba-4d4e-9bbf-5fd15eaf70d3)
* Select **OK**.

5. Restart Tomcat Service:

* Navigate to **Services** using the Start menu.
* Select **IlluminaLIMS\_Tomcat9**.
* Select **Stop the service** in the left column.
* Select **Start the service**.

  ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-c333c5e49477969ac051f582395d70868aee06af%2Fimage4.jpg?alt=media\&token=11ea7434-7586-4e50-b2d1-5138407c2e80)

6. Log out of the LIMS server.
7. Notify Illumina Tech Support. For tracking and management purposes, email <techsupport@illumina.com> to inform Tech Support that the fix is in place.
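
To confirm the setting before notifying Tech Support, the following added PowerShell check (an example written for this article, not Illumina's own tooling) reads back the Java option from step 3, any matching system variable from step 4, and the service state from step 5. It assumes the Tomcat service was installed through Apache Commons Daemon (Procrun), which stores the **Java Options** in the registry keys listed in the script; the output property names are illustrative.

```powershell
# Added verification example (not Illumina's code). Run in an elevated PowerShell
# session on the LIMS server after completing the steps above.
param([string]$ServiceName = 'IlluminaLIMS_Tomcat9')   # service name from step 5

# Java option from step 3; -match is case-insensitive, so "True" and "true" both pass.
$flagPattern = '^\s*-Dlog4j2\.formatMsgNoLookups=true\s*$'

# Assumption: the service is a Procrun-managed Tomcat, whose Java tab options are
# stored as a multi-string value named "Options" under one of these keys.
$procrunKeys = @(
    "HKLM:\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0\$ServiceName\Parameters\Java",
    "HKLM:\SOFTWARE\Apache Software Foundation\Procrun 2.0\$ServiceName\Parameters\Java"
)

$javaOptions = @()
foreach ($key in $procrunKeys) {
    if (Test-Path -Path $key) {
        $javaOptions = @((Get-ItemProperty -Path $key).Options)
        break
    }
}
$flagInJavaOptions = [bool]($javaOptions | Where-Object { $_ -match $flagPattern })

# Step 4 alternative: list machine-level variables whose name contains the
# setting name, together with their values, so the entry can be reviewed.
$machineEnv = [Environment]::GetEnvironmentVariables('Machine')
$envMatches = @($machineEnv.Keys |
    Where-Object { $_ -like '*formatMsgNoLookup*' } |
    ForEach-Object { "$_=$($machineEnv[$_])" })

$service = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

[pscustomobject]@{
    ServiceName       = $ServiceName
    ServiceStatus     = if ($service) { $service.Status } else { 'NotFound' }
    FlagInJavaOptions = $flagInJavaOptions
    EnvVariables      = $envMatches -join '; '
    AnySettingFound   = $flagInJavaOptions -or ($envMatches.Count -gt 0)
}
```

A setting that is found here only takes effect once the service has been restarted as in step 5.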


*For any feedback or questions regarding this article (Illumina Knowledge Article #6336), contact Illumina Technical Support* [*techsupport@illumina.com*](mailto:techsupport@illumina.com?subject=Question%2FFeedback%20Regarding%20Illumina%20Knowledge%20Article%20#000006336%20-%20Microarray%20\&body=Dear%20Illumina%20Technical%20Support,%0D%0A%0D%0A)*.*
