Hi, Today I used this workaround for solving my vRops 8.5. If you upgrade your vRops to 8.6.2, You don’t need to read this blog post.
To apply the workaround for CVE-2021-44228 and CVE-2021-45046 to vRealize Operations, perform the following steps:
For Analytic (Primary, Replica, Data), Remote Collector and Witness nodes:
- Log into the vRealize Operations Manager Admin UI as the local admin user.
- Click Take Offline under Cluster Status.
Note: Wait for Cluster Status to show as Offline.
- Copy the attached data-rc-witness-log4j-fix.sh and vrops-log4j-fix.sh files to the /tmp directory on all Analytic, Remote Collector and Witness nodes in the cluster using an SCP utility.
- Log into each Analytic, Remote Collector and Witness node as root via SSH or Console, pressing ALT+F1 in a Console to log in.
- Change to the /tmp directory on all nodes
cd /tmp
- Run the following command on all nodes to make the data-rc-witness-log4j-fix.sh script executable:
chmod +x data-rc-witness-log4j-fix.sh
- Run the following command on all nodes to make the vrops-log4j-fix.sh script executable:
chmod +x vrops-log4j-fix.sh
- Run te following command on all nodes to execute the data-rc-witness-log4j-fix.sh script:
./data-rc-witness-log4j-fix.sh
Note: Ensure there are no ERROR messages in the script output.
- Run the following command on all nodes to execute the vrops-log4j-fix.sh script:
./vrops-log4j-fix.sh
Note: Ensure there are no ERROR messages in the script output.
- Run the following command on all nodes to restart the CaSA service:
service vmware-casa restart
- Log into the vRealize Operations Manager Admin UI as the local admin user.
- Click Bring Online under Cluster Status.
Note: Wait for Cluster Status to show as Online.
Reference:
https://kb.vmware.com/s/article/87076
Finish 🙂