VMware just published a patch for SRM 8.5.0.2 where Apache log4j is updated to version 2.16 to resolve CVE-2021-44228 and CVE-2021-45046.

If you are running Site Recovery Manager 8.5, upgrade to Site Recovery Manager 8.5.0.2. See Upgrading Site Recovery Manager in Site Recovery Manager 8.5 Installation and Configuration for instructions about upgrading Site Recovery Manager.
If you use vSphere Replication with Site Recovery Manager 8.5, upgrade the vSphere Replication appliance to version 8.5.0.2. See the vSphere Replication 8.5.0.2 Release Notes for information about vSphere Replication 8.5.0.2.
VMware Site Recovery Manager 8.5.0.2 Virtual Appliance | 17 DEC 2021 | Build 19066895 | Download
VMware Site Recovery Manager 8.5.0.2 Configuration Import/Export Tool | 17 DEC 2021 | Build 19066897 | Download
RUN LIST:
- Download ISO from VMware website.
- Attache ISO to SRM appliance.
- Log in to the Site Recovery Manager Appliance Management Interface as admin.
- Click Update.
- Edit option to update from ISO.


- In the Available updates pane, click Install.
- Accept the end-user license agreement, and click Install.
NOTE: After the update is complete, the appliance restarts.
- Refresh the browser window to reload the Site Recovery Manager Appliance Management Interface.
- Log in to the Site Recovery Manager Appliance Management Interface as admin.
- Click Reconfigure
- Follow the prompts, provide the required information, and click Finish.
Source: https://docs.vmware.com/en/Site-Recovery-Manager/8.5/rn/srm-releasenotes-8-5-0-2.html#upgrading
Please like and share to spread the knowledge in the community.
If you want to chat with me please use Twitter: @AngrySysOps
Visit my FB page: https://www.facebook.com/AngrySysOps
Read my blog: https://angrysysops.com
Subscribe to my channel : https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A