IMPORTANT: The steps in this article are now obsolete due to the release of vc_log4j_mitigator.py. Please use KB 87081 to remediate the vCenter Server Appliance. Please refer to the Resolution section in KB
Workaround instructions to address CVE-2021-44228 in vCenter Server and vCenter Cloud Gateway.
IMPORTANT: After finishing the steps here, you MUST complete the remediation process by running the remove_log4j_class.py script in https://kb.vmware.com/s/article/87081.
Workaround:
Follow the steps below to automate the workaround steps mentioned in KB87081:
How to execute the script on vCenter Server Appliance:
- Download the script attached to this KB (vmsa-2021-0028-kb87081.py)
- Transfer the file to the /tmp folder on the vCenter Server Appliance using WinSCP, or follow the steps below to copy and paste the script contents to the VCSA using PuTTY
- Log in to the VCSA using an SSH client (Putty.exe or any similar SSH client)
- Open the script on your desktop in Notepad (Notepad++ is preferred)
- Copy the entire contents (Ctrl + C)
- On the VCSA, create a new file using the vi command:
  - vi /tmp/vmsa-2021-0028-kb87081.py
- Press the 'i' key to switch the vi editor to insert mode
- Right-click on the screen to paste the script contents copied in the previous step
- Save the contents (press Esc, then type :wq! and press Enter)
- Execute the script using the command "python /tmp/vmsa-2021-0028-kb87081.py"
- The script prompts for confirmation before restarting services, because all services need to be restarted to implement the workaround. Enter 'y' or 'Y' to proceed.
- The script then continues and displays its status on the screen. Sample screenshots of successful executions are available in the Related Information section of this KB.
- Once complete, return to https://kb.vmware.com/s/article/87081 and follow the steps to "Run the remove_log4j_class.py script"