The reports about Log4j do not stop. A colleague discovered the following additional CVE 2021-45046 this morning:
https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
Laut Meldungen aus ADSM.org und unseren eigenen Recherchen sind wahrscheinlich nur Backup/Archive Client Installationen mit konfiguriertem WebClient und Spectrum Protect for Virtual Environments mit aktivem Web Server (vSphere Plugin) angreifbar.
According to reports from ADSM.org and our own research, probably only Backup/Archive Client installations with configured WebClient and Spectrum Protect for Virtual Environments with active Web Server (vSphere plugin) are vulnerable.
Therefore, the simplest workaround is to temporarily disable the WebClients and stop the TDP4VE Web Server.
Disable Web Client under Windows
- Net stop "TSM Client Remote Agent" (Default Configuration) and then set the service to Manual.
- https://www.ibm.com/docs/en/spectrum-protect/8.1.12?topic=overview-configuring-web-client-windows-systems
Disable Web Client under Unix/Linux
- In dsm.sys change the line managedservices webclient schedule to:
Managedservices schedule
. - And restart the dsmcad daemon. https://www.ibm.com/docs/en/spectrum-protect/8.1.12?topic=wcco-configuring-web-client-aix-linux-mac-solaris-systems
Um den Spectrum Protect for Virtual Environments Web Server zu beenden
- Net stop “IBM Spectrum Protect for Virtual Environments Web Server”
- Oder Net stop IBMVEWebServer
Der Dienst sollte anschliessend auf manuell gestellt werden.
To stop the Spectrum Protect for Virtual Environments Web Server
Add the last line (-Dlog4j2.formatMsgNoLookups=true) in C:\IBM\SpectrumProtect\webserver\usr\servers\veProfile\jvm.options, so that it looks like this:
-Dlog4j2.formatMsgNoLookups=true
then restart "IBMWebserver".
This workaround works for Spectrum Protect clients of version 8.1.11 to 8.1.13!
However, currently only an update to Log4j version 2.16.0 is a permanent solution. For this we have to wait for a fixed Spectrum Protect Client version from IBM.
We will keep you informed on this topic. If you have any questions, please do not hesitate to contact us.
Your Empalis team