Impact of CVE-2021-44228 Apache Log4j Vulnerability on NetBackup OpsCenter Versions 8.1.2 - 8.3.0.1

HotFix

Abstract

Mitigation steps to replace existing log4j-core files related to CVE-2021-44228 with fixed log4j-core-2.11.0.jar

Description

====================================================================================================================

IMPORTANT UPDATE 

OpsCenter Engineering Binaries are being developed and are now available; they remove the need to perform these manual mitigation steps.
Please contact NetBackup Support to obtain the following EEB if your OpsCenter is running 8.2.

 

OpsCenter 8.2, install EEB ET 4058565 Version 1

====================================================================================================================

 

Mitigation Steps: 

Replace the existing log4j-core-2.11.0.jar affected by CVE-2021-44228 with the fixed log4j-core-2.11.0.jar, as documented in the README section of this Update.

 
Downloads:
log4j-core-2.11.0.zip

 

SHA-256 Checksums for files:

File                    Checksum                                                            Byte count
log4j-core-2.11.0.jar   defa471cae5a97ea8b4c0d78e23b2e9464a34c7656d24618f4c364c3517a075b    1,582,200


Mitigation Installation Instructions


Windows Steps for GUI + Server component.

 

  1. Download fixed log4j-core-2.11.0.jar.zip file from Veritas Download Center
  2. Stop OpsCenter Services using  [OPSCENTER_SERVER_INSTALL_FOLDER]\opscenter\server\bin\opsadmin.bat stop
  3. Take backup of log4j-core-2.11.0.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\server\lib to any backup/temp folder
  4. Replace log4j-core-2.11.0.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\server\lib with downloaded log4j-core-2.11.0.jar from step (1)
  5. Replace log4j-core-2.11.0.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui\webserver\webapps\opscenter\WEB-INF\lib with downloaded log4j-core-2.11.0.jar from step (1)
  6. Take backup of opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui folder to any backup/temp folder
  7. Delete the opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui folder, along with any other opscenter.war files with an extended name of this form (if present), e.g. opscenter.war.8301EEB_ET4021994_1.
  8. Delete opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]\OpsCenter\gui\webserver\webapps folder 
  9. Start OpsCenter Services using [OPSCENTER_SERVER_INSTALL_FOLDER]\opscenter\server\bin\opsadmin.bat start
  10. Login to OpsCenter Console
  11. Delete backed up files log4j-core-2.11.0.jar from step (3) and opscenter.war from step (6)

 

 

Windows Steps for View Builder component:

  1. Download fixed log4j-core-2.11.0.jar file from Veritas Download Center
  2. Close ViewBuilder if it's open
  3. Take backup of log4j-core-2.11.0.jar file from [OPSCENTER_VIEWBUILDER_INSTALL_FOLDER]\OpsCenter\viewbuilder\lib to any backup/temp folder
  4. Replace log4j-core-2.11.0.jar file from [OPSCENTER_VIEWBUILDER_INSTALL_FOLDER]\OpsCenter\viewbuilder\lib with downloaded log4j-core-2.11.0.jar from step (1)
  5. Login to ViewBuilder
  6. Delete backed up file log4j-core-2.11.0.jar from step (3)

 

Windows Steps for Agent component:

The OpsCenter Agent is not supported as a part of the product. If the agent is installed, please uninstall the OpsCenter Agent software.

 

Linux steps for GUI+Server component

  1. Download fixed log4j-core-2.11.0.jar file from Veritas Download Center
  2. Run SHA-256 against the jar file and compare.
  3. Stop OpsCenter Services using  [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/bin/opsadmin.sh stop
  4. Take backup of log4j-core-2.11.0.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/lib to any backup/temp folder
  5. Replace log4j-core-2.11.0.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/lib with downloaded log4j-core-2.11.0.jar from step (1)
  6. Replace log4j-core-2.11.0.jar file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI/webserver/webapps/opscenter/WEB-INF/lib with downloaded log4j-core-2.11.0.jar from step (1)
  7. Take backup of opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI folder to any backup/temp folder
  8. Delete the opscenter.war file from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI folder, along with any other opscenter.war files with an extended name of this form (if present), e.g. opscenter.war.8301EEB_ET4021994_1.
  9. Note: DO NOT delete opscenter.war soft link from [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterGUI/webserver/webapps folder
  10. Start OpsCenter Services using  [OPSCENTER_SERVER_INSTALL_FOLDER]/SYMCOpsCenterServer/bin/opsadmin.sh start
  11. Login to OpsCenter Console
  12. Delete backed up files log4j-core-2.11.0.jar from step (4) and opscenter.war from step (7)
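
The Linux steps above call for a SHA-256 comparison (step 2), two jar replacements (steps 5 and 6) and removal of opscenter.war files (step 8). The following shell check is an added example, not Veritas code; the function names and the OPSCENTER_ROOT variable are hypothetical, and the hash and byte count are taken from the checksum table on this page.

```shell
#!/bin/sh
# Added example (not Veritas code). Hash and size are from this page's checksum table.
FIXED_SHA256="defa471cae5a97ea8b4c0d78e23b2e9464a34c7656d24618f4c364c3517a075b"
FIXED_BYTES=1582200
JAR="log4j-core-2.11.0.jar"

# verify_jar FILE [SHA256] [BYTES]
# Returns 0 only if both digest and size match; 1 on mismatch; 2 if FILE is absent.
verify_jar() {
    file=$1; want_sha=${2:-$FIXED_SHA256}; want_bytes=${3:-$FIXED_BYTES}
    [ -f "$file" ] || { echo "MISSING  $file"; return 2; }
    got_sha=$(sha256sum "$file" | awk '{print $1}')
    got_bytes=$(wc -c < "$file" | tr -d ' ')
    if [ "$got_sha" = "$want_sha" ] && [ "$got_bytes" -eq "$want_bytes" ]; then
        echo "OK       $file"
    else
        echo "MISMATCH $file sha256=$got_sha bytes=$got_bytes"
        return 1
    fi
}

# check_install ROOT [SHA256] [BYTES]
# ROOT stands for [OPSCENTER_SERVER_INSTALL_FOLDER]. Checks both jar locations
# (steps 5 and 6) and that no opscenter.war* file is left in SYMCOpsCenterGUI
# (step 8). The webapps folder is not globbed, so the soft link from step 9
# is never reported.
check_install() {
    root=$1; rc=0
    for dir in SYMCOpsCenterServer/lib \
               SYMCOpsCenterGUI/webserver/webapps/opscenter/WEB-INF/lib; do
        verify_jar "$root/$dir/$JAR" "${2:-}" "${3:-}" || rc=1
    done
    for war in "$root"/SYMCOpsCenterGUI/opscenter.war*; do
        [ -e "$war" ] || continue   # unmatched glob stays literal
        echo "LEFTOVER $war"; rc=1
    done
    return "$rc"
}

# OPSCENTER_ROOT is a hypothetical variable for running this as a script.
[ -z "${OPSCENTER_ROOT:-}" ] || check_install "$OPSCENTER_ROOT"
```

Running `verify_jar` on the download covers step 2; running `check_install` before the backups are deleted in step 12 confirms that neither library folder still holds the old jar.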

 

Linux Steps for Agent component:

The OpsCenter Agent is not supported as a part of the product. If the agent is installed, please uninstall the OpsCenter Agent software.
