Medeco CLIQ Log4j

TECHNICAL ANNOUNCEMENT: Medeco CLIQ Log4j

DATE:  December 20, 2021

**If you are not a Medeco CLIQ customer, you are not impacted by this vulnerability and can disregard this message**

This is a technical announcement Medeco on the zero day vulnerability for Apache Log4j and its potential risks to Medeco CLIQ Web Manager.

Customers who use the Medeco-hosted CLIQ SaaS environment have been upgraded to CLIQ Web Manager 11.0.2. No action is needed for Medeco-hosted users.

We highly recommend self-hosted CLIQ Web Manager users update to version 11.0.2 as soon as possible. Self-hosted customers should contact Medeco Technical support by calling 800-839-3157 or by starting a chat session.

Self-hosted customers who are unable to upgrade to 11.0.2 right away should immediately implement the mitigation instructions detailed below. (Note: If you are immediately updating to 11.0.2, you do not need to follow the mitigation instructions below.)

Self-hosted Medeco CLIQ Web Manager customers who are not updating to version 11.0.2 should take the following actions:

Please notify your Medeco CLIQ Web Manager administrator of the following:

1. Take database backup before conducting any changes
2. Take backup of CLIQ Web Manager and CLIQ Remote installation folders
3. Stop CLIQ Web Manager Windows service
4. Stop CLIQ Remote Windows service
5. Execute the following configuration changes:

   I.

Open the <CWM_installation_directory>\tomcat\conf\catalina.properties file in any text editor (as an administrator)

  II.

At the end of the file, please add following line: log4j2.formatMsgNoLookups=true

  III. Save the file
  IV. Conduct the file change on both CWM and the CLIQ Remote application server


6. Start CLIQ Remote Windows  service
7. Start CLIQ Web Manager Windows service
8. Conduct health check on application functions & key updates

For questions or more information, call Medeco Technical Support at 800-839-3157 or click here to start a chat with a
Medeco Technical Support representative.