News2nd update: Second security vulnerability to Log4j - extended help and emergency measures Apache Log4j CVE-2021-44228 and CVE 2021-45046 - Dec 15, 2021 11:00 am

Markus Stumpf — 15. December 2021
Reading time: 1:01 minutes

2. Update mit erweiterten Hilfen zu Notfallmaßnahmen: Apache Log4j CVE-2021-44228 vulnerability in Bezug auf Spectrum Protect

2nd update Dec. 15, 2021, 11 a.m.

Probably only backup/archive client installations with configured WebClient and Spectrum Protect for Virtual Environments with active web server (vSphere plugin) are vulnerable.

The reports about Log4j do not stop. A colleague discovered the following additional CVE 2021-45046 this morning:
https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/

Laut Meldungen aus ADSM.org und unseren eigenen Recherchen sind wahrscheinlich nur Backup/Archive Client Installationen mit konfiguriertem WebClient und Spectrum Protect for Virtual Environments mit aktivem Web Server (vSphere Plugin) angreifbar.

According to reports from ADSM.org and our own research, probably only Backup/Archive Client installations with configured WebClient and Spectrum Protect for Virtual Environments with active Web Server (vSphere plugin) are vulnerable.

Therefore, the simplest workaround is to temporarily disable the WebClients and stop the TDP4VE Web Server.

Disable Web Client under Windows

Net stop "TSM Client Remote Agent" (Default Configuration) and then set the service to Manual.
https://www.ibm.com/docs/en/spectrum-protect/8.1.12?topic=overview-configuring-web-client-windows-systems

Disable Web Client under Unix/Linux

In dsm.sys change the line managedservices webclient schedule to: Managedservices schedule.
And restart the dsmcad daemon. https://www.ibm.com/docs/en/spectrum-protect/8.1.12?topic=wcco-configuring-web-client-aix-linux-mac-solaris-systems

Um den Spectrum Protect for Virtual Environments Web Server zu beenden

Net stop “IBM Spectrum Protect for Virtual Environments Web Server”
Oder Net stop IBMVEWebServer

Der Dienst sollte anschliessend auf manuell gestellt werden.

To stop the Spectrum Protect for Virtual Environments Web Server

Add the last line (-Dlog4j2.formatMsgNoLookups=true) in C:\IBM\SpectrumProtect\webserver\usr\servers\veProfile\jvm.options, so that it looks like this:

-Dlog4j2.formatMsgNoLookups=true

then restart "IBMWebserver".

This workaround works for Spectrum Protect clients of version 8.1.11 to 8.1.13!

However, currently only an update to Log4j version 2.16.0 is a permanent solution. For this we have to wait for a fixed Spectrum Protect Client version from IBM.

We will keep you informed on this topic. If you have any questions, please do not hesitate to contact us.

Your Empalis team

Markus Stumpf

Markus Stumpf is Head of Data Protection Services and Business Development Manager at Empalis Consulting GmbH.
As an expert in data protection solutions such as IBM Spectrum Protect, Veeam or Cohesity and with over 20 years of experience in implementation, operation and training (especially with IBM Spectrum Protect), he is happy to answer all your questions.

Do you need to implement NIS2? Cyber resilience is (not) a question of backup

Modern and innovative data protection for your company.

Managed service - backup tailored to your needs

Empalis supports you with your comprehensive security management.

Discover the Empalis Cloud: flexible, multifunctional, highly scalable.

IBM Tivoli System Automation for z/OS (SA for z/OS): Numerous system management functions with a single point of control

Get solutions to a wide range of NIS2-related issues in one go: with VIKING Backup Guardian - cyber-resilient all-in-one backup solution.

Harden your IT infrastructure against cyber attacks

Optimise your data backup environment and archiving

We manage your backup environment for you.

Easy and efficient administration of IBM System z/OS

Veeam offers you exciting opportunities to future-proof your IT and backup environment.

Since more than 30 years we provide consulting services for IBM products and manage IBM infrastructures in the enterprise environment.

Alert message: Error in Veeam Backup for Microsoft 365: First aid for admins when backing up Exchange mailboxes

Cohesity is our strong partner for cyber-resilient architectures with VIKING.

With Predatar, you have a clear advantage thanks to AI anomaly detection: Proactive Recovery Assurance

So why not wasabi?

The interface for easy use of IBM Storage Protect (ISP)

Because our customers love it: Get to know our partner technologies from General Storage

Automated monitoring & reporting - complete control of all backups and restores in your company

Managing Microsoft Sharepoint - sustainable, secure, productive with Docave

Get an overview of trainings & events

Easter bundle until 30.04.2024: Book now and save 20%-30% by quoting the promo code!

Am 18.06.2024 diskutieren wir mit unseren Partnern Veeam und Wasabi, wie Sie Risiken effizienter minimieren.

Proxmox with Veeam - an alternative to VMware?

Empalis technical article in IT Security Online: Cyber Resilience: Which backup solution for Microsoft 365?

Empalis ist again awarded as top company in 2024 - thank you!

The formula for our success: Be there, keep listening, implement.

Empalis ist pioneer partner of Apex by Predatar

Empalis is welcoming new employees - just send us your unsolicited application.

We look forward to hearing from you!