oneWeigh Bin Management (formerly binSight) Log4J Vulnerability Resolution

NOTE

To view your current binSight version. Navigate to “Help>About binSight”

Log4J Vulnerability Resolution

Remediation for all affected binSight versions: 3.1.9, 3.2.1, 3.2.2, 3.2.3, and 3.2.4.

Steps to remove immediate vulnerability to run on BOTH Client and Server machines. The server MUST be completed first. Client machines do NOT have services. (Reboot required)

Close all open applications
Stop binSight Service

Follow the below steps to add an environmental variable to stop all Log4J library logging.

a. Start menu -> Edit the system environment variables

or Control Panel -> System -> Advanced system settings> Select Environmental Variables.

b. Click New at bottom of window... (below System variables header)

c. Input Variable name: LOG4J_FORMAT_MSG_NO_LOOKUPS

d. Input Variable value: true

e. Click OK to confirm variable

f. Click OK to close environment variables

g. Close all windows

h. Stop and start binSight service (a full system reboot is recommended).

Adding the system environmental variable removes immediate risk to the Log4J vulnerability.

Setting the environment variable has no effect on any of binSight's logging. The environment variable simply disables a feature that binSight does NOT use but is used for the exploited vulnerability.

It is strongly encouraged for you to upgrade to the latest binSight release, 3.2.4, it has been remediated. The environmental variables are machine specific and upgrading to 3.2.4 will provide ultimate protection to your business going forward – even when machines are replaced.

Prior to any binSight upgrade always perform a binSight database backup and follow binSight installation instructions.

binSight releases for 3.2.4 can be found here: https://culturana.force.com/proceres/s/releases