
Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup OpsCenter Versions 8.3.0.2 - 9.1.0.1

HotFix

Abstract

Mitigation steps to replace the existing log4j-core-2.13.3.jar, which is affected by CVE-2021-44228, with the fixed log4j-core-2.13.3.jar.

Description

Problem:

Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup OpsCenter Versions 8.3.0.2 - 9.1.0.1

 

See Knowledge Base article below for additional details.

 

https://www.veritas.com/content/support/en_US/article.100052100

 

Mitigation Steps: 

 

Replace the existing log4j-core-2.13.3.jar, which is affected by CVE-2021-44228, with the fixed log4j-core-2.13.3.jar as documented in the README section of this Update.

 

Downloads:
log4j-core-2.13.3.zip

 

SHA-256 Checksums for files:

File                    Checksum                                                            Byte count
log4j-core-2.13.3.jar   5d929f22dc6a6c9c8320e282a6e864773a12c504f7443dfec9408a4520aef659    1,694,512

 

Installation Instructions

 

Windows Steps for GUI + Server component.

  1. Download the fixed log4j-core-2.13.3.jar.zip file from the Veritas Download Center
  2. Stop OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]\opscenter\server\bin\opsadmin.bat stop
  3. Back up the log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\server\lib to any backup/temp folder
  4. Replace the log4j-core-2.13.3.jar file in [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\server\lib with the log4j-core-2.13.3.jar downloaded in step (1)
  5. Replace the log4j-core-2.13.3.jar file in [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui\webserver\webapps\opscenter\WEB-INF\lib with the log4j-core-2.13.3.jar downloaded in step (1)
  6. Back up the opscenter.war file from the [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui folder to any backup/temp folder
  7. Delete the opscenter.war file from the [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui folder, along with any other opscenter.war files that have an extended name in this format (if present), e.g. opscenter.war.9101EEB_ET4049887_1.
  8. Delete the opscenter.war file from the [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui\webserver\webapps folder
  9. Start OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]\opscenter\server\bin\opsadmin.bat start
  10. Log in to the OpsCenter Console
  11. Delete the backed-up files: log4j-core-2.13.3.jar from step (3) and opscenter.war from step (6)


Windows Steps for View Builder component:

  1. Download the fixed log4j-core-2.13.3.jar file from the Veritas Download Center
  2. Close ViewBuilder if it is open
  3. Back up the log4j-core-2.13.3.jar file from [OPSCENTER_VIEWBUILDER_INSTALL_FOLDER]\OpsCenter\viewbuilder\lib to any backup/temp folder
  4. Replace the log4j-core-2.13.3.jar file in [OPSCENTER_VIEWBUILDER_INSTALL_FOLDER]\OpsCenter\viewbuilder\lib with the log4j-core-2.13.3.jar downloaded in step (1)
  5. Log in to ViewBuilder
  6. Delete the backed-up log4j-core-2.13.3.jar file from step (3)

 

Windows Steps for Agent component:

The OpsCenter Agent is not supported as part of the product. If the agent is installed, please uninstall the OpsCenter Agent software.


Linux steps for GUI+Server component

  1. Download the fixed log4j-core-2.13.3.jar file from the Veritas Download Center
  2. Compute the SHA-256 checksum of the jar file and compare it with the checksum listed above.
  3. Stop OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/bin/opsadmin.sh stop
  4. Back up the log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/lib to any backup/temp folder
  5. Replace the log4j-core-2.13.3.jar file in [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/lib with the log4j-core-2.13.3.jar downloaded in step (1)
  6. Replace the log4j-core-2.13.3.jar file in [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI/webserver/webapps/opscenter/WEB-INF/lib with the log4j-core-2.13.3.jar downloaded in step (1)
  7. Back up the opscenter.war file from the [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI folder to any backup/temp folder
  8. Delete the opscenter.war file from the [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI folder, along with any other opscenter.war files that have an extended name in this format (if present), e.g. opscenter.war.9101EEB_ET4049887_1.
  9. Note: DO NOT delete the opscenter.war soft link from the [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI/webserver/webapps folder
  10. Start OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/bin/opsadmin.sh start
  11. Log in to the OpsCenter Console
  12. Delete the backed-up files: log4j-core-2.13.3.jar from step (4) and opscenter.war from step (7)
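
The fixed jar carries the same file name as the one it replaces, so only the published SHA-256 checksum and byte count tell the two apart. The script below is an added example, not part of the Veritas hotfix or its README: it re-checks both deployed jar copies and the opscenter.war conditions from steps 5 to 9. The function names are this example's own, and the argument stands for the real value of [OPSCENTER_SERVER_INSTALL_FOLDER].

```bash
#!/usr/bin/env bash
# Added example: post-change check for the Linux GUI+Server steps.
# Checksum and byte count are the values published on this page.
EXPECTED_SHA256="5d929f22dc6a6c9c8320e282a6e864773a12c504f7443dfec9408a4520aef659"
EXPECTED_BYTES=1694512

# jar_matches FILE [SHA256] [BYTES]: 0 only if size and digest both match.
jar_matches() {
    local file="$1" want_sha="${2:-$EXPECTED_SHA256}" want_bytes="${3:-$EXPECTED_BYTES}"
    local got_sha got_bytes
    [ -f "$file" ] || return 2
    got_bytes=$(wc -c < "$file" | tr -d ' ')
    got_sha=$(sha256sum "$file" | awk '{print $1}')
    [ "$got_bytes" = "$want_bytes" ] && [ "$got_sha" = "$want_sha" ]
}

# stale_wars GUI_DIR: list regular opscenter.war* files still in GUI_DIR,
# including extended names such as opscenter.war.<suffix> (step 8).
stale_wars() {
    find "$1" -maxdepth 1 -type f -name 'opscenter.war*' 2>/dev/null
}

# verify_install ROOT [SHA256] [BYTES]: exit status = number of failed checks.
verify_install() {
    local root="$1" sha="${2:-$EXPECTED_SHA256}" bytes="${3:-$EXPECTED_BYTES}"
    local fails=0 jar
    for jar in \
        "$root/SYMCOpsCenterServer/lib/log4j-core-2.13.3.jar" \
        "$root/SYMCOpsCenterGUI/webserver/webapps/opscenter/WEB-INF/lib/log4j-core-2.13.3.jar"
    do
        if jar_matches "$jar" "$sha" "$bytes"; then
            echo "OK    $jar"
        else
            echo "FAIL  $jar (missing, or not the fixed jar)"
            fails=$((fails + 1))
        fi
    done
    if [ -n "$(stale_wars "$root/SYMCOpsCenterGUI")" ]; then
        echo "FAIL  opscenter.war* still present in $root/SYMCOpsCenterGUI"
        fails=$((fails + 1))
    fi
    # Step 9: the soft link under webserver/webapps must not have been deleted.
    if [ ! -L "$root/SYMCOpsCenterGUI/webserver/webapps/opscenter.war" ]; then
        echo "FAIL  opscenter.war soft link missing under webserver/webapps"
        fails=$((fails + 1))
    fi
    return "$fails"
}
```

Source the file and run `verify_install` with the install folder as its argument; a non-zero exit status is the number of checks that failed. A backup of opscenter.war kept inside the SYMCOpsCenterGUI folder itself will be reported as a leftover.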

 

Linux Steps for Agent component:

The OpsCenter Agent is not supported as part of the product. If the agent is installed, please uninstall the OpsCenter Agent software.
