Workaround instructions to address CVE-2021-44228 and CVE-2021-45046 in vRealize Operations 8.x

This is the most up-to-date document on how to remediate CVE-2021-44228 and CVE-2021-45046. On 15th of December 2021, VMware added workaround steps related to CVE-2021-45046. I will show you how to apply the workaround. Please remember this is a temporary solution, as we are waiting for a patch from VMware.

RUN LIST:

  1. Log into the vRealize Operations Manager Admin UI.
  2. Make sure SSH access is enabled.
  3. Click Take Offline under Cluster Status.

NOTE: Wait for Cluster Status to show as Offline.

  4. Copy the data-rc-witness-log4j-fix.sh and vrops-log4j-fix.sh files to the /tmp directory on all Analytic, Remote Collector and Witness nodes in the cluster using an SCP utility.

NOTE: Both scripts are from VMware, and the links point to the VMware site for download.

  5. Log into each Analytic, Remote Collector and Witness node as root via SSH or Console (press ALT+F1 in a Console to log in).
  6. Change to the /tmp directory on all nodes: cd /tmp
  7. Run the following command on all nodes to make the data-rc-witness-log4j-fix.sh script executable:
     chmod +x data-rc-witness-log4j-fix.sh
  8. Run the following command on all nodes to make the vrops-log4j-fix.sh script executable:
     chmod +x vrops-log4j-fix.sh
  9. Run the following command on all nodes to execute the data-rc-witness-log4j-fix.sh script:
     ./data-rc-witness-log4j-fix.sh

NOTE: Ensure there are no ERROR messages in the script output.

  10. Run the following command on all nodes to execute the vrops-log4j-fix.sh script:
      ./vrops-log4j-fix.sh

NOTE: Ensure there are no ERROR messages in the script output.

  11. Run the following command on all nodes to restart the CaSA service:
      service vmware-casa restart
  12. Log into the vRealize Operations Manager Admin UI.
  13. Click Bring Online under Cluster Status.
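
The per-node part of the run list (make both scripts executable, run them, check the output for ERROR, restart CaSA) can be wrapped so that the restart only happens when both outputs are clean. This is an added example, not VMware's code and not part of the original post; the function names, the .log files and the --apply flag are hypothetical, and treating a non-zero exit status as a failure is an assumption that goes beyond the page's ERROR check.

```shell
#!/bin/sh
# Added example: per-node wrapper for the run list above.
# Script names, /tmp and "service vmware-casa restart" come from the page;
# everything else (function names, log names, --apply) is hypothetical.
# Run as root on each node, after the cluster is Offline:  sh <this file> --apply

FIX_SCRIPTS="data-rc-witness-log4j-fix.sh vrops-log4j-fix.sh"

# Run one fix script from directory $1 and keep its full output in a log.
# Returns 2 if the script is missing, 1 if its output contains ERROR or
# (assumption) it exits non-zero, 0 otherwise.
run_fix() {
    dir=$1
    script=$2
    log="$dir/$script.log"
    [ -f "$dir/$script" ] || { echo "missing: $dir/$script" >&2; return 2; }
    chmod +x "$dir/$script" || return 2
    rc=0
    ( cd "$dir" && "./$script" ) >"$log" 2>&1 || rc=$?
    if grep -q 'ERROR' "$log"; then
        echo "$script: ERROR lines in output, see $log" >&2
        grep -n 'ERROR' "$log" >&2
        return 1
    fi
    [ "$rc" -eq 0 ] || { echo "$script: exit status $rc, see $log" >&2; return 1; }
    return 0
}

# Run both scripts in the order the page gives; stop at the first failure.
apply_workaround() {
    workdir=$1
    for s in $FIX_SCRIPTS; do
        run_fix "$workdir" "$s" || return $?
        echo "$s: completed with no ERROR lines"
    done
}

# Nothing runs unless --apply is given; CaSA is restarted only if both
# scripts finished cleanly.
if [ "${1:-}" = "--apply" ]; then
    apply_workaround /tmp && service vmware-casa restart
fi
```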

Source: https://kb.vmware.com/s/article/87098

If you want to chat with me please use Twitter: @AngrySysOps

Read my blog: https://angrysysops.com
