Sign In
Forgot Password

Don’t have an account? Create One.

Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup OpsCenter Versions 8.3.0.2 - 9.1.0.1

HotFix

Abstract

Mitigation steps to replace existing log4j-core-2.13.3.jar having CVE-2021-44228 with fixed log4j-core-2.13.3.jar

Description

Problem:

Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup OpsCenter Versions 8.3.0.2 - 9.1.0.1

 

See Knowledge Base article below for additional details.

 

https://www.veritas.com/support/en_US/article.100052100

 

Mitigation Steps: 

 

Replace existing log4j-core-2.13.3.jar having CVE-2021-44228 with fixed log4j-core-2.13.3.jar as documented in the README section of this Update.

 

Downloads:
log4j-core-2.13.3.zip

 

SHA-256 Checksums for files:

File                                                   Checksum                                                                                                                                  Byte count
log4j-core-2.13.3.jar                      5d929f22dc6a6c9c8320e282a6e864773a12c504f7443dfec9408a4520aef659          1,694,512

 

Installation Instruction

 

Windows Steps for GUI + Server component.

  1. Download fixed log4j-core-2.13.3.jar.zip file from Veritas Download Center
  2. Stop OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]\opscenter\server\bin\opsadmin.bat stop
  3. Take backup of log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\server\lib to any backup/temp folder
  4. Replace log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\server\lib with downloaded log4j-core-2.13.3.jar from step (1)
  5. Replace log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui\webserver\webapps\opscenter\WEB-INF\lib with downloaded log4j-core-2.13.3.jar from step (1)
  6. Take backup of opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui folder to any backup/temp folder
  7. Delete opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui folder and also other opscenter.war  files having extended naming convention similar to this format (if present) e.g. opscenter.war.9101EEB_ET4049887_1.
  8. Delete opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui\webserver\webapps folder
  9. Start OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]\opscenter\server\bin\opsadmin.bat start
  10. Login to OpsCenter Console
  11. Delete backed up files log4j-core-2.13.3.jar from step (3) and opscenter.war from step (6)


Windows Steps for View Builder component:

  1. Download fixed log4j-core-2.13.3.jar file from Veritas Download Center
  2. Close ViewBuilder if it's open
  3. Take backup of log4j-core-2.13.3.jar file from [OPSCENTER_VIEWBUILDER_INSTALL_FOLDER]\OpsCenter\viewbuilder\lib to any backup/temp folder
  4. Replace log4j-core-2.13.3.jar file from [OPSCENTER_VIEWBUILDER_INSTALL_FOLDER]\OpsCenter\viewbuilder\lib with downloaded log4j-core-2.13.3.jar from step (1)
  5. Login to ViewBuilder
  6. Delete backed up file log4j-core-2.13.3.jar from step (3)

 

Windows Steps for Agent component:

The OpsCenter Agent is not supported as a part of product. If the agent is installed, please uninstall the OpsCenter Agent software


Linux steps for GUI+Server component

  1. Download fixed log4j-core-2.13.3.jar file from Veritas Download Center
  2. Run SHA-256 against the jar file and compare.
  3. Stop OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/bin/opsadmin.sh stop
  4. Take backup of log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/lib to any backup/temp folder
  5. Replace log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/lib with downloaded log4j-core-2.13.3.jar from step (1)
  6. Replace log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI/webserver/webapps/opscenter/WEB-INF/lib with downloaded log4j-core-2.13.3.jar from step (1)
  7. Take backup of opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI folder to any backup/temp folder
  8. Delete opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI folder  and also other opscenter.war  files having extended naming convention similar to this format (if present) e.g. opscenter.war.9101EEB_ET4049887_1.
  9. Note: DO NOT delete opscenter.war soft link from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI/webserver/webapps folder
  10. Start OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/bin/opsadmin.sh start
  11. Login to OpsCenter Console
  12. Delete backed up files log4j-core-2.13.3.jar from step (4) and opscenter.war from step (7)

 

Linux Steps for Agent component:

The OpsCenter Agent is not supported as a part of product. If the agent is installed, please uninstall the OpsCenter Agent software

Applies to the following product releases

Update files

File name Description Version Platform Size

Knowledge base

71
2022-12-05

About Apache Log4j Vulnerabilities Apache Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. Veritas is tracking the recently announced vulnerabilities in Apache’s Log4j. All Veritas Pro...