Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup OpsCenter Versions 8.3.0.2

Translation Notice

Please note that this content includes text that has been machine-translated from English. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.

Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup OpsCenter Versions 8.3.0.2 - 9.1.0.1

HotFix

Update ID: UPD532246

Version: 8.3.0.2 - 9.1.0.1

Platform: Cross-platform

Release date: 2021-12-15

Abstract

Mitigation steps to replace existing log4j-core-2.13.3.jar having CVE-2021-44228 with fixed log4j-core-2.13.3.jar

Description

Problem:

Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup OpsCenter Versions 8.3.0.2 - 9.1.0.1

See Knowledge Base article below for additional details.

https://www.veritas.com/content/support/en_US/article.100052100

Mitigation Steps:

Replace existing log4j-core-2.13.3.jar having CVE-2021-44228 with fixed log4j-core-2.13.3.jar as documented in the README section of this Update.

Downloads:
log4j-core-2.13.3.zip

SHA-256 Checksums for files:

File Checksum Byte count
log4j-core-2.13.3.jar 5d929f22dc6a6c9c8320e282a6e864773a12c504f7443dfec9408a4520aef659 1,694,512

Installation Instruction

Windows Steps for GUI + Server component.

Download fixed log4j-core-2.13.3.jar.zip file from Veritas Download Center
Stop OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]\opscenter\server\bin\opsadmin.bat stop
Take backup of log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\server\lib to any backup/temp folder
Replace log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\server\lib with downloaded log4j-core-2.13.3.jar from step (1)
Replace log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui\webserver\webapps\opscenter\WEB-INF\lib with downloaded log4j-core-2.13.3.jar from step (1)
Take backup of opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui folder to any backup/temp folder
Delete opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui folder and also other opscenter.war files having extended naming convention similar to this format (if present) e.g. opscenter.war.9101EEB_ET4049887_1.
Delete opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui\webserver\webapps folder
Start OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]\opscenter\server\bin\opsadmin.bat start
Login to OpsCenter Console
Delete backed up files log4j-core-2.13.3.jar from step (3) and opscenter.war from step (6)

Windows Steps for View Builder component:

Download fixed log4j-core-2.13.3.jar file from Veritas Download Center
Close ViewBuilder if it's open
Take backup of log4j-core-2.13.3.jar file from [OPSCENTER_VIEWBUILDER_INSTALL_FOLDER]\OpsCenter\viewbuilder\lib to any backup/temp folder
Replace log4j-core-2.13.3.jar file from [OPSCENTER_VIEWBUILDER_INSTALL_FOLDER]\OpsCenter\viewbuilder\lib with downloaded log4j-core-2.13.3.jar from step (1)
Login to ViewBuilder
Delete backed up file log4j-core-2.13.3.jar from step (3)

Windows Steps for Agent component:

The OpsCenter Agent is not supported as a part of product. If the agent is installed, please uninstall the OpsCenter Agent software

Linux steps for GUI+Server component

Download fixed log4j-core-2.13.3.jar file from Veritas Download Center
Run SHA-256 against the jar file and compare.
Stop OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/bin/opsadmin.sh stop
Take backup of log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/lib to any backup/temp folder
Replace log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/lib with downloaded log4j-core-2.13.3.jar from step (1)
Replace log4j-core-2.13.3.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI/webserver/webapps/opscenter/WEB-INF/lib with downloaded log4j-core-2.13.3.jar from step (1)
Take backup of opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI folder to any backup/temp folder
Delete opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI folder and also other opscenter.war files having extended naming convention similar to this format (if present) e.g. opscenter.war.9101EEB_ET4049887_1.
Note: DO NOT delete opscenter.war soft link from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI/webserver/webapps folder
Start OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/bin/opsadmin.sh start
Login to OpsCenter Console
Delete backed up files log4j-core-2.13.3.jar from step (4) and opscenter.war from step (7)

Linux Steps for Agent component:

The OpsCenter Agent is not supported as a part of product. If the agent is installed, please uninstall the OpsCenter Agent software

Applies to the following product releases

NetBackup 9.0

Release date: 2021-01-01

End of support life: 2024-01-01

NetBackup 9.0.0.1

Release date: 2021-03-29

End of standard support: 2024-01-01

Sustaining support starts: 2026-01-01

End of support life: 2027-01-01

NetBackup 9.1

Release date: 2021-06-07

End of support life: 2024-06-07

NetBackup 8.3.0.2

Release date: 2021-07-29

End of standard support: 2024-07-29

Sustaining support starts: 2026-07-29

End of support life: 2027-07-29

NetBackup 9.1.0.1

Release date: 2021-09-07

End of standard support: 2024-06-07

Sustaining support starts: 2026-06-07

End of support life: 2027-06-07

Update files

	File name	Description	Version	Platform	Size

Choose an account to download the files you selected.

Knowledge base

Impact of CVE-2021-44228 and CVE-2021-45046 Apache Log4j Vulnerability on NetBackup

2022-12-05

About Apache Log4j Vulnerabilities Apache Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. Veritas is tracking the recently announced vulnerabilities in Apache’s Log4j. All Veritas Pro...