{"id":7006,"date":"2021-12-22T08:48:06","date_gmt":"2021-12-22T07:48:06","guid":{"rendered":"https:\/\/tomaskalabis.com\/wordpress\/?p=7006"},"modified":"2022-02-01T12:48:29","modified_gmt":"2022-02-01T11:48:29","slug":"how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance","status":"publish","type":"post","link":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/","title":{"rendered":"How to mitigate Apache log4j on VMware vCenter Appliance"},"content":{"rendered":"\n<h3>How to mitigate Apache log4j on VMware vCenter Appliance\u00a0<\/h3>\n<p>CVE-2021-44228 &amp; CVE-2021-45046 has been determined to impact vCenter Server 7.0.x, vCenter 6.7.x &amp; vCenter 6.5.x via the Apache Log4j open source component it ships.\u00a0<\/p>\n<p><strong>Currently is no PATCH from VMware site (22.12.2021)<\/strong><\/p>\n<p>more info about workarounds and patches &#8211; <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0028.html\" target=\"_blank\" rel=\"noopener\">VMware VMSA-2021-0028.5 page<\/a><\/p>\n<h4>Resolution (workaround)\u00a0<\/h4>\n<ul>\n<li>Download the script attached to this KB (<a href=\"https:\/\/kb.vmware.com\/sfc\/servlet.shepherd\/version\/download\/0685G00000d7ovWQAQ\">vc_log4j_mitigator.py<\/a>)<\/li>\n<li>Login to the vCSA using an SSH Client<\/li>\n<li><a href=\"https:\/\/tomaskalabis.com\/wordpress\/winscp-connection-to-vcsa-failed-received-too-large-sftp-packet\/\" target=\"_blank\" rel=\"noopener\">enable the bash shell to VCSA<\/a> &#8211; if not you got error message \u201cReceived too large SFTP packet\u201d<\/li>\n<li>Transfer the file to \/tmp folder on vCenter Server Appliance using WinSCP<\/li>\n<li>Create backup of your VCSA, at least snapshot<\/li>\n<li>Execute the &#8222;<strong>python vc_log4j_mitigator.py<\/strong>&#8222;<br \/><br \/><em>This will stop all vCenter services, updates all necessary files with the formatMsgNoLookups flag, removes the JndiLookup.class from all jar\/war files on the appliance, and finally starts all vCenter services. The files that the script modifies will be reported as the script runs.<\/em><\/li>\n<li>To verify that no more vulnerable files exist, execute &#8222;python vc_log4j_mitigator.py -r&#8220; (-r means dryrun)<\/li>\n<li>The list of vulnerable files should be zero<\/li>\n<\/ul>\n<h4>IMPORTANT<\/h4>\n<p>Upgrading the vCenter Appliance to an unmitigated version will put the environment into a vulnerable state again. Use the\u00a0vc_log4j_mitigator.py\u00a0script after upgrading to correct this<\/p>\n<h3>UPDATE 1. 2. 2022<\/h3>\n<p><strong>VMware vCenter Server 7.0 Update 3c<\/strong> was released, its build 19234570 where Apache log4j is updated to version 2.17 to resolve CVE-2021-44228 and CVE-2021-45046. Please update your VCSA appliance <strong>immediately<\/strong>. My best practices is update via VAMI.\u00a0<\/p>\n<p><strong>Still waiting for update for VCSA 6.5 and 6.7<\/strong><\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to mitigate Apache log4j on VMware vCenter Appliance\u00a0 CVE-2021-44228 &amp; CVE-2021-45046 has been determined to impact vCenter Server 7.0.x, vCenter 6.7.x &amp; vCenter 6.5.x via the Apache Log4j open &#8230;<\/p>\n","protected":false},"author":2,"featured_media":7010,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[113],"tags":[362,360,361,112,276,100],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to mitigate Apache log4j on VMware vCenter Appliance - tomaskalabis.com<\/title>\n<meta name=\"description\" content=\"How to workaround log4j on VMware VCSA - CVE-2021-44228 &amp; CVE-2021-45046 has been determined to impact vCenter Server 7.0.x, vCenter 6.7.x &amp; vCenter 6.5.x via the Apache Log4j open source component it ships.\u00a0VMware vCenter\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to mitigate Apache log4j on VMware vCenter Appliance - tomaskalabis.com\" \/>\n<meta property=\"og:description\" content=\"How to workaround log4j on VMware VCSA - CVE-2021-44228 &amp; CVE-2021-45046 has been determined to impact vCenter Server 7.0.x, vCenter 6.7.x &amp; vCenter 6.5.x via the Apache Log4j open source component it ships.\u00a0VMware vCenter\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/\" \/>\n<meta property=\"og:site_name\" content=\"tomaskalabis.com\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-22T07:48:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-01T11:48:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/vmware-vsphere-logo.png\" \/>\n\t<meta property=\"og:image:width\" content=\"166\" \/>\n\t<meta property=\"og:image:height\" content=\"166\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tomas Kalabis\" \/>\n<meta name=\"twitter:label1\" content=\"Napsal(a)\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tomas Kalabis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/\",\"url\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/\",\"name\":\"How to mitigate Apache log4j on VMware vCenter Appliance - tomaskalabis.com\",\"isPartOf\":{\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/vmware-vsphere-logo.png\",\"datePublished\":\"2021-12-22T07:48:06+00:00\",\"dateModified\":\"2022-02-01T11:48:29+00:00\",\"author\":{\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/8e7e83f618a561ed3734a38cef4cf1d6\"},\"description\":\"How to workaround log4j on VMware VCSA - CVE-2021-44228 & CVE-2021-45046 has been determined to impact vCenter Server 7.0.x, vCenter 6.7.x & vCenter 6.5.x via the Apache Log4j open source component it ships.\u00a0VMware vCenter\",\"breadcrumb\":{\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/#primaryimage\",\"url\":\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/vmware-vsphere-logo.png\",\"contentUrl\":\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/vmware-vsphere-logo.png\",\"width\":166,\"height\":166},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tomaskalabis.com\/wordpress\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to mitigate Apache log4j on VMware vCenter Appliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/#website\",\"url\":\"https:\/\/tomaskalabis.com\/wordpress\/\",\"name\":\"tomaskalabis.com\",\"description\":\"my personal blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tomaskalabis.com\/wordpress\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"cs\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/8e7e83f618a561ed3734a38cef4cf1d6\",\"name\":\"Tomas Kalabis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9f7e4796b38d5720e8a07b918f423311?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9f7e4796b38d5720e8a07b918f423311?s=96&d=retro&r=g\",\"caption\":\"Tomas Kalabis\"},\"sameAs\":[\"https:\/\/x.com\/tomaskalabis\"],\"url\":\"https:\/\/tomaskalabis.com\/wordpress\/author\/kalabis\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to mitigate Apache log4j on VMware vCenter Appliance - tomaskalabis.com","description":"How to workaround log4j on VMware VCSA - CVE-2021-44228 & CVE-2021-45046 has been determined to impact vCenter Server 7.0.x, vCenter 6.7.x & vCenter 6.5.x via the Apache Log4j open source component it ships.\u00a0VMware vCenter","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/","og_locale":"cs_CZ","og_type":"article","og_title":"How to mitigate Apache log4j on VMware vCenter Appliance - tomaskalabis.com","og_description":"How to workaround log4j on VMware VCSA - CVE-2021-44228 & CVE-2021-45046 has been determined to impact vCenter Server 7.0.x, vCenter 6.7.x & vCenter 6.5.x via the Apache Log4j open source component it ships.\u00a0VMware vCenter","og_url":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/","og_site_name":"tomaskalabis.com","article_published_time":"2021-12-22T07:48:06+00:00","article_modified_time":"2022-02-01T11:48:29+00:00","og_image":[{"width":166,"height":166,"url":"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/vmware-vsphere-logo.png","type":"image\/png"}],"author":"Tomas Kalabis","twitter_misc":{"Napsal(a)":"Tomas Kalabis","Odhadovan\u00e1 doba \u010dten\u00ed":"2 minuty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/","url":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/","name":"How to mitigate Apache log4j on VMware vCenter Appliance - tomaskalabis.com","isPartOf":{"@id":"https:\/\/tomaskalabis.com\/wordpress\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/#primaryimage"},"image":{"@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/#primaryimage"},"thumbnailUrl":"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/vmware-vsphere-logo.png","datePublished":"2021-12-22T07:48:06+00:00","dateModified":"2022-02-01T11:48:29+00:00","author":{"@id":"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/8e7e83f618a561ed3734a38cef4cf1d6"},"description":"How to workaround log4j on VMware VCSA - CVE-2021-44228 & CVE-2021-45046 has been determined to impact vCenter Server 7.0.x, vCenter 6.7.x & vCenter 6.5.x via the Apache Log4j open source component it ships.\u00a0VMware vCenter","breadcrumb":{"@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/"]}]},{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/#primaryimage","url":"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/vmware-vsphere-logo.png","contentUrl":"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/vmware-vsphere-logo.png","width":166,"height":166},{"@type":"BreadcrumbList","@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-on-vmware-vcenter-appliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tomaskalabis.com\/wordpress\/"},{"@type":"ListItem","position":2,"name":"How to mitigate Apache log4j on VMware vCenter Appliance"}]},{"@type":"WebSite","@id":"https:\/\/tomaskalabis.com\/wordpress\/#website","url":"https:\/\/tomaskalabis.com\/wordpress\/","name":"tomaskalabis.com","description":"my personal blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tomaskalabis.com\/wordpress\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"cs"},{"@type":"Person","@id":"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/8e7e83f618a561ed3734a38cef4cf1d6","name":"Tomas Kalabis","image":{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9f7e4796b38d5720e8a07b918f423311?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9f7e4796b38d5720e8a07b918f423311?s=96&d=retro&r=g","caption":"Tomas Kalabis"},"sameAs":["https:\/\/x.com\/tomaskalabis"],"url":"https:\/\/tomaskalabis.com\/wordpress\/author\/kalabis\/"}]}},"jetpack_featured_media_url":"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/vmware-vsphere-logo.png","_links":{"self":[{"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/posts\/7006"}],"collection":[{"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/comments?post=7006"}],"version-history":[{"count":3,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/posts\/7006\/revisions"}],"predecessor-version":[{"id":7041,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/posts\/7006\/revisions\/7041"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/media\/7010"}],"wp:attachment":[{"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/media?parent=7006"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/categories?post=7006"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/tags?post=7006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}