Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup OpsCenter Versions 8.1.2 - 8.3.0.1
Description
====================================================================================================================
IMPORTANT UPDATE
OpsCenter Engineering Binaries (EEBs) are being developed and are now available; they remove the need to perform these manual mitigation steps.
Please contact NetBackup Support to obtain the following EEB if your OpsCenter is running 8.2.
OpsCenter 8.2, install EEB ET 4058565 Version 1
====================================================================================================================
Mitigation Steps:
Replace the existing log4j-core-2.11.0.jar, which is affected by CVE-2021-44228, with the fixed log4j-core-2.11.0.jar as documented in the README section of this Update.
Downloads:
log4j-core-2.11.0.zip
SHA-256 Checksums for files:
File | Checksum | Byte count |
---|---|---|
log4j-core-2.11.0.jar | defa471cae5a97ea8b4c0d78e23b2e9464a34c7656d24618f4c364c3517a075b | 1,582,200 |
Mitigation Installation Instructions
Windows Steps for GUI + Server component.
1. Download the fixed log4j-core-2.11.0.jar.zip file from the Veritas Download Center.
2. Stop the OpsCenter services using [OPSCENTER_SERVER_INSTALL_FOLDER]\opscenter\server\bin\opsadmin.bat stop
3. Take a backup of the log4j-core-2.11.0.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\server\lib to any backup/temp folder.
4. Replace the log4j-core-2.11.0.jar file in [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\server\lib with the downloaded log4j-core-2.11.0.jar from step (1).
5. Replace the log4j-core-2.11.0.jar file in [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui\webserver\webapps\opscenter\WEB-INF\lib with the downloaded log4j-core-2.11.0.jar from step (1).
6. Take a backup of the opscenter.war file from the [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui folder to any backup/temp folder.
7. Delete the opscenter.war file from the [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui folder, and also delete any other opscenter.war files with an extended name of this form (if present), e.g. opscenter.war.8301EEB_ET4021994_1.
8. Delete the opscenter.war file from the [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui\webserver\webapps folder.
9. Start the OpsCenter services using [OPSCENTER_SERVER_INSTALL_FOLDER]\opscenter\server\bin\opsadmin.bat start
10. Log in to the OpsCenter Console.
11. Delete the backed-up files: log4j-core-2.11.0.jar from step (3) and opscenter.war from step (6).
Windows Steps for View Builder component:
1. Download the fixed log4j-core-2.11.0.jar file from the Veritas Download Center.
2. Close ViewBuilder if it is open.
3. Take a backup of the log4j-core-2.11.0.jar file from [OPSCENTER_VIEWBUILDER_INSTALL_FOLDER]\OpsCenter\viewbuilder\lib to any backup/temp folder.
4. Replace the log4j-core-2.11.0.jar file in [OPSCENTER_VIEWBUILDER_INSTALL_FOLDER]\OpsCenter\viewbuilder\lib with the downloaded log4j-core-2.11.0.jar from step (1).
5. Log in to ViewBuilder.
6. Delete the backed-up log4j-core-2.11.0.jar file from step (3).
Windows Steps for Agent component:
The OpsCenter Agent is not supported as a part of the product. If the agent is installed, please uninstall the OpsCenter Agent software.
Linux steps for GUI+Server component
1. Download the fixed log4j-core-2.11.0.jar file from the Veritas Download Center.
2. Run SHA-256 against the jar file and compare.
3. Stop the OpsCenter services using [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/bin/opsadmin.sh stop
4. Take a backup of the log4j-core-2.11.0.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/lib to any backup/temp folder.
5. Replace the log4j-core-2.11.0.jar file in [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/lib with the downloaded log4j-core-2.11.0.jar from step (1).
6. Replace the log4j-core-2.11.0.jar file in [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI/webserver/webapps/opscenter/WEB-INF/lib with the downloaded log4j-core-2.11.0.jar from step (1).
7. Take a backup of the opscenter.war file from the [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI folder to any backup/temp folder.
8. Delete the opscenter.war file from the [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI folder, and also delete any other opscenter.war files with an extended name of this form (if present), e.g. opscenter.war.8301EEB_ET4021994_1.
9. Note: DO NOT delete the opscenter.war soft link from the [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI/webserver/webapps folder.
10. Start the OpsCenter services using [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/bin/opsadmin.sh start
11. Log in to the OpsCenter Console.
12. Delete the backed-up files: log4j-core-2.11.0.jar from step (4) and opscenter.war from step (7).
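The checksum comparison from the Linux steps, plus a re-check of both jar locations after replacement, as an added example (not Veritas code). It assumes bash with sha256sum or shasum available; the function names and the script name are hypothetical, and the expected values are the checksum and byte count published on this page.

```shell
#!/usr/bin/env bash
# Added example (not Veritas code): check a log4j-core-2.11.0.jar against the
# SHA-256 checksum and byte count published in this article.

# Values copied from the "SHA-256 Checksums for files" entry on this page.
EXPECTED_SHA256="defa471cae5a97ea8b4c0d78e23b2e9464a34c7656d24618f4c364c3517a075b"
EXPECTED_BYTES=1582200

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_jar FILE [SHA256] [BYTES]: return 0 only if size and digest both match.
verify_jar() {
    local file="$1" want_sha="${2:-$EXPECTED_SHA256}" want_bytes="${3:-$EXPECTED_BYTES}"
    local got_sha got_bytes
    [ -f "$file" ] || { echo "MISSING  $file" >&2; return 1; }
    got_bytes=$(wc -c < "$file" | tr -d ' ')
    got_sha=$(sha256_of "$file")
    if [ "$got_bytes" != "$want_bytes" ] || [ "$got_sha" != "$want_sha" ]; then
        echo "MISMATCH $file ($got_bytes bytes, sha256 $got_sha)" >&2
        return 1
    fi
    echo "OK       $file"
}

# verify_install ROOT [SHA256] [BYTES]: check both jar locations named in the
# Linux steps; ROOT stands for [OPSCENTER_SERVER_INSTALL_FOLDER].
verify_install() {
    local root="$1" rc=0 rel
    for rel in SYMCOpsCenterServer/lib \
               SYMCOpsCenterGUI/webserver/webapps/opscenter/WEB-INF/lib; do
        verify_jar "$root/$rel/log4j-core-2.11.0.jar" "$2" "$3" || rc=1
    done
    return "$rc"
}

# Usage: ./verify_log4j.sh DOWNLOADED_JAR [OPSCENTER_SERVER_INSTALL_FOLDER]
if [ $# -ge 1 ]; then
    verify_jar "$1" || exit 1
    if [ -n "${2:-}" ]; then verify_install "$2" || exit 1; fi
fi
```

Run it with only the downloaded jar before stopping services, and again with the install folder as the second argument after the replacement steps, so a jar that was missed in either location is reported.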
Linux Steps for Agent component:
The OpsCenter Agent is not supported as a part of the product. If the agent is installed, please uninstall the OpsCenter Agent software.