vCenter Server 8.0 Security scans flag log4j-1.2.12rsa-1.jar

Article ID: 301487

Products

VMware vCenter Server

Issue/Introduction

This article provides instructions for removing the deprecated file.

Security scanners flag the following file on vCenter Server 8.0:

/usr/lib/vmware/common-jars/log4j-core-2.17.0.jar

 



Resolution

Implement the following steps to remove the deprecated log4j-core-2.17.0.jar file.

  1. Take a snapshot and/or a backup of the vCenter Server.
  2. SSH to the vCenter Server as root.
  3. Identify which log4j-core files are present:
     ls /usr/lib/vmware/common-jars/log4j-core*
  4. On vCenter Server 8.0, the following two files should be present:
     /usr/lib/vmware/common-jars/log4j-core-2.17.0.jar
     /usr/lib/vmware/common-jars/log4j-core-2.17.1.jar
  5. If both files exist, remove the deprecated version:
     rm /usr/lib/vmware/common-jars/log4j-core-2.17.0.jar
  6. Reboot the vCenter Server.
  7. Perform a security scan.
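
The check-then-remove steps above as a guarded shell function, added here as an example and not part of the original article: it deletes log4j-core-2.17.0.jar only when log4j-core-2.17.1.jar is also present in the same directory. The function name, the `--dry-run` argument and the return codes are assumptions for illustration; the directory and file names are the ones given in the article.

```shell
#!/bin/sh
# Added example (not from the KB article): guarded removal of the deprecated jar.
# Directory and jar names are taken from the article; everything else is hypothetical.

JAR_DIR="/usr/lib/vmware/common-jars"
OLD_JAR="log4j-core-2.17.0.jar"
NEW_JAR="log4j-core-2.17.1.jar"

# remove_deprecated_log4j DIR [--dry-run]
# Return codes:
#   0  old jar removed (or would be removed with --dry-run)
#   1  old jar not present, nothing to do
#   2  replacement jar missing, removal refused
remove_deprecated_log4j() {
    dir="$1"
    mode="${2:-}"

    # Show what is currently installed, as in the "identify" step.
    echo "log4j-core files in $dir:"
    ls -l "$dir"/log4j-core* 2>/dev/null || echo "  (none found)"

    if [ ! -f "$dir/$OLD_JAR" ]; then
        echo "$OLD_JAR is not present; nothing to remove."
        return 1
    fi

    # Only proceed when the newer jar exists alongside the old one.
    if [ ! -f "$dir/$NEW_JAR" ]; then
        echo "$NEW_JAR is missing; refusing to remove $OLD_JAR." >&2
        return 2
    fi

    if [ "$mode" = "--dry-run" ]; then
        echo "Dry run: would remove $dir/$OLD_JAR"
        return 0
    fi

    rm -- "$dir/$OLD_JAR" && echo "Removed $dir/$OLD_JAR. Reboot the vCenter Server."
}

# On the appliance, after taking the snapshot or backup:
#   remove_deprecated_log4j "$JAR_DIR" --dry-run
#   remove_deprecated_log4j "$JAR_DIR"
```
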



Additional Information

Impact/Risks:
A reboot of the vCenter Server is required.