This article describes the Apache log4j Vulnerability's effect on FortiAnalyzer-Bigdata and how to Mitigate it.
|Scope||FortiAnalyzer-BigData 6.4, 7.0.|
FortiAnalyzer-BD has components that utilize log4j but the impact surface is very limited.
To mitigate the vulnerability, It is possible either:
1) Upgrade to Special Build based on 6.4.6 or 7.0.1.
2) Run Script to mitigate the vulnerability in Live Environment without upgrading.
Below are the steps to run the script:
1) Unzip the attached Script file patch_log4j_vulnerability.zip.
Select 'Start All Services' and wait until done.
If Factory Reset is performed, then the script needs to be run again.