RICOH InfoPrint Manager™

The RICOH InfoPrint Manager team provides these procedures to mitigate the effects of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide, and has released this statement to its customers.

    Important:
  • January 20, 2022
    • Updated RICOH InfoPrint Manager and InfoPrint Manager Transform feature packages to include log4j version 2.17.1 and updated verification instructions accordingly.
  • December 22, 2021, 1:00 PM EST:
    • Updated procedure to increase usability.
    • Added requirement to download the Transform Feature update package for InfoPrint Manager version 4.9.2 in addition to version 4.10.1.
  • December 21, 2021, 3:30 PM EST:
    • The RICOH InfoPrint Manager update packages have been updated to include log4j version 2.17, to address CVE-2021-45105 in addition to CVE-2021-44228 and CVE-2021-45046.
    • Instructions have been added for updating the Transform Feature for InfoPrint Manager version 4.10.1, if it is installed on your system.
  • December 17, 2021, 12:00 PM EST:
    • RICOH InfoPrint Manager versions 4.9.2 and higher are impacted by these vulnerabilities. Follow the procedure below for your version and operating system to update your InfoPrint Manager server.
    • If you are running InfoPrint Manager 4.10.0: We recommend updating to Version 4.10.1, then applying the update package for Version 4.10.1. Follow the usual instructions for installing service updates: AIX, Windows, Linux
    • Versions of RICOH InfoPrint Manager below 4.9.2 are not affected. No action is required.

Follow the instructions for your operating system:

  • All operating systems: Download the software update package:
    1. Make sure you have a valid product EID to access the software download website.
    2. Open the Ricoh Software Download website: https://dl.ricohsoftware.com
    3. Click Software Downloads.
    4. Enter your product EID and click Submit.
        Note:
      • If you are running InfoPrint Manager Version 4.10.0, remember to update to version 4.10.1 before installing the update package.
    5. On the product page, click View Related Files on the right side.
    6. On the RICOH InfoPrint Manager Related Files page, click InfoPrint Manager Security Update (CVE-2021-44228) to download the package.
    7. If you are updating RICOH InfoPrint Manager 4.9.2 or 4.10.1 and have the Transform Feature installed, click InfoPrint Manager Transform Manager Feature Security Update (CVE-2021-44228) to download the Transform Feature update as well.
    8. Continue with the installation steps for your operating system.
  • RICOH InfoPrint Manager for AIX
    1. Stop the web server. Open SMIT and choose: InfoPrint Printing System > InfoPrint Utilities > Stop the Web Server
    2. Open: /var/pd/ipmws/webapps
    3. Check the current ownership and permissions for the files listed. If any of the files are not owned by ipm1, make note of the owner ID.
      Enter this command:
      ls -l /var/pd/ipmws/webapps/IPM /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx /var/pd/ipmws/webapps/ipmnx.war >ls_prelog4j.out
        Note:
      • Only include /var/pd/ipmws/webapps/ipmnx and /var/pd/ipmws/webapps/ipmnx.war if the Pull Print feature is installed.
    4. Back up the existing files.
      Enter this command:
      tar -cvf /var/pd/ipmws/webapps_prelog4j.tar /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx.war
        Note:
      • Only include /var/pd/ipmws/webapps/ipmnx.war if the Pull Print feature is installed.
    5. Remove the existing files.
      Enter this command:
      rm -r /var/pd/ipmws/webapps/IPM /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx /var/pd/ipmws/webapps/ipmnx.war
        Note:
      • Only include /var/pd/ipmws/webapps/ipmnx and /var/pd/ipmws/webapps/ipmnx.war if the Pull Print feature is installed.
    6. Unzip the update package that you downloaded. Copy the WAR files from that package into /var/pd/ipmws/webapps.
        Note:
      • Only include ipmnx.war if the Pull Print feature is installed.
    7. Update the privileges and access rights for the new WAR files, ensuring that the IPM.war has the same privileges as IPMHelp.war.
      If you installed as ipm1, run the commands listed. If you installed as a different user, use the same commands, but replace ipm1 with the correct user name.
      chown ipm1:sys /var/pd/ipmws/webapps/IPM.war
      chmod 544 /var/pd/ipmws/webapps/IPM.war
      chown ipm1:sys /var/pd/ipmws/webapps/jobviewer.war
      chmod 544 /var/pd/ipmws/webapps/jobviewer.war
      chown ipm1:sys /var/pd/ipmws/webapps/ipmnx.war
      chmod 544 /var/pd/ipmws/webapps/ipmnx.war
      
    8. Start the web server. Open SMIT and choose: InfoPrint Printing System > InfoPrint Utilities > Start the Web Server
    9. Verify that the InfoPrint Manager security update is installed:
      • Open the InfoPrint Manager Web GUI and check the About box. If the Build Date is 2022.01.06, the patch is installed.
      • Open a command prompt and change the current drive to the drive where InfoPrint Manager is installed.
      • Run the command: find /var/pd -name "log4j-*"
      • You should see only log4j libraries with version 2.17.1
  • RICOH InfoPrint Manager for Linux
    1. Stop the web server using the InfoPrint Manager Management Interface (MMI).
    2. Open: /var/pd/ipmws/webapps
    3. Check the current ownership and permissions for the files listed. If any of the files are not owned by ipm1, make note of the owner ID.
      Enter this command:
      ls -l /var/pd/ipmws/webapps/IPM /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx /var/pd/ipmws/webapps/ipmnx.war >ls_prelog4j.out
        Note:
      • Only include /var/pd/ipmws/webapps/ipmnx and /var/pd/ipmws/webapps/ipmnx.war if the Pull Print feature is installed.
    4. Back up the existing files.
      Enter this command:
      tar -cvf /var/pd/ipmws/webapps_prelog4j.tar /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx.war
        Note:
      • Only include /var/pd/ipmws/webapps/ipmnx.war if the Pull Print feature is installed.
    5. Remove the existing files.
      Enter this command:
      rm -r /var/pd/ipmws/webapps/IPM /var/pd/ipmws/webapps/IPM.war /var/pd/ipmws/webapps/jobviewer /var/pd/ipmws/webapps/jobviewer.war /var/pd/ipmws/webapps/ipmnx /var/pd/ipmws/webapps/ipmnx.war
    6. Unzip the update package that you downloaded. Copy the WAR files from that package into /var/pd/ipmws/webapps.
        Note:
      • Only include ipmnx.war if the Pull Print feature is installed.
    7. Update the privileges and access rights for the new WAR files, ensuring that the IPM.war has the same privileges as IPMHelp.war.
      If you installed as ipm1, run the commands listed. If you installed as a different user, use the same commands, but replace ipm1 with the correct user name.
      chown ipm1:sys /var/pd/ipmws/webapps/IPM.war
      chmod 644 /var/pd/ipmws/webapps/IPM.war
      chown ipm1:sys /var/pd/ipmws/webapps/jobviewer.war
      chmod 644 /var/pd/ipmws/webapps/jobviewer.war
      chown ipm1:sys /var/pd/ipmws/webapps/ipmnx.war
      chmod 644 /var/pd/ipmws/webapps/ipmnx.war
      
    8. Start the web server using the MMI.
    9. Verify that the InfoPrint Manager security update is installed:
      • Open the InfoPrint Manager Web GUI and check the About box. If the Build Date is 2022.01.06, the patch is installed.
      • Open a command prompt and change the current drive to the drive where InfoPrint Manager is installed.
      • Run the command: find /var/pd -name "log4j-*"
      • You should see only log4j libraries with version 2.17.1
  • RICOH InfoPrint Manager for Windows
    1. Stop the web server using the InfoPrint Manager Microsoft Management Console (MMC).
    2. Open the folder where the InfoPrint Manager web server is installed. If you used the default installation path, open C:\ProgramData\RICOH\InfoPrint Manager\ipmws\webapps.
      If you installed in a different location, search for ipmws and open that folder.
    3. Back up these files:
      • IPM.war
      • jobviewer.war
      • ipmnx.war

        This file only exists if the Pull Print feature is installed.

    4. Delete these files and folders from inside the webapps folder:
      • IPM
      • IPM.war
      • jobviewer
      • jobviewer.war
      • ipmnx (if it exists)
      • ipmnx.war (if it exists)
    5. Unzip the update package that you downloaded. Copy the WAR files from that package into the webapps folder.
        Note:
      • Only include ipmnx.war if the Pull Print feature is installed.
    6. Start the web server using the MMC.
    7. Verify that the InfoPrint Manager security update is installed:
      • Open the InfoPrint Manager Web GUI and check the About box. If the Build Date is 2022.01.06, the patch is installed.
      • Open a command prompt and change the current drive to the drive where InfoPrint Manager is installed.
      • Run the command: dir /s "log4j-*"
      • You should see only log4j libraries with version 2.17.1
  • RICOH InfoPrint Manager for Linux: Transform Feature
    1. Log in to your system as the root user.
    2. Copy the provided file to an empty directory. Run these commands to unpack the package:
      • gzip -d tf_patch_log4j_2.17.1_linux.tar.gz
      • tar -xf tf_patch_log4j_2.17.1_linux.tar
    3. Run the ./patch_linux.sh script file.
    4. To verify that the patch was correctly applied:
      • Run the command: find /opt/infoprint/itm -name "log4j-*"
      • You should see only the log4j libraries with version 2.17.1
  • RICOH InfoPrint Manager for Windows: Transform Feature
    1. Log in as a user who is a member of the Administrator security group.
    2. Copy the provided file to an empty directory and unzip the packages.
    3. Run the patch_windows.cmd script file.
    4. To verify that the patch was correctly applied:
      • Open a command prompt and change the current drive to the drive where Transform Features are installed.
      • Run the command: dir /s "log4j-*"
      • You should see only log4j libraries with version 2.17.1
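
The file-name check used in the AIX, Linux and Linux Transform Feature verification steps above can be scripted as follows. This is an added example, not part of the Ricoh procedure or packages; the function names, the exit codes and the sample directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Returns 0 if every log4j-* file under ROOT
# carries the expected version, 1 on any mismatch, 2 if no such file exists.
check_log4j_versions() {
    root=$1
    want=${2:-2.17.1}   # version the advisory's verification step expects
    found=0
    bad=0
    list=$(find "$root" -type f -name 'log4j-*' 2>/dev/null) || :
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        found=$((found + 1))
        # Read the version that sits directly before ".jar", so the bridge jar
        # log4j-1.2-api-<version>.jar is not mistaken for version 1.2.
        ver=$(basename "$f" | sed -n 's/.*-\([0-9][0-9.]*\)\.jar$/\1/p')
        if [ "$ver" != "$want" ]; then
            bad=$((bad + 1))
            echo "MISMATCH ${ver:-unknown} $f"
        fi
    done <<EOF
$list
EOF
    if [ "$found" -eq 0 ]; then
        echo "no log4j-* files under $root"
        return 2
    fi
    [ "$bad" -eq 0 ]
}

# Constructed sample tree for trying the check offline; the directory layout
# and file names are made up for illustration, not taken from a real install.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/webapps/IPM/lib"
    for n in log4j-api-2.17.1 log4j-core-2.17.1 log4j-1.2-api-2.17.1; do
        : > "$d/webapps/IPM/lib/$n.jar"
    done
    echo "$d"
}

# Run against a real directory when one is given, e.g.: sh check.sh /var/pd
if [ "$#" -gt 0 ]; then
    check_log4j_versions "$@"
fi
```

Like the find command in the procedure, this reads file names only, so libraries inside a WAR file that the web server has not yet unpacked are not inspected. An exit code of 2 on a patched server usually means the check was pointed at the wrong directory.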