vRSLCM 8.x – Quick Tip – log4jfix.sh Fix Error: Binary Operator Expected – CVE-2021-44228

Hi!

Over the past few days a critical vulnerability has been identified in the Apache Log4j module and lots of applications over the world are affected by this. 

The latest information regarding VMware Products which have been affected by this vulnerability can be found here:

For VMware Identity Manager 3.3.3 – 3.3.5 -Please check on our previous blog here.

For VMware vRealize Automation 8.x – Please check on our previous blog here

For VMware vRealize Automation 7.6 – Please check on our previous blog here.

For vRealize Suite Lifecycle Manager (vRSLCM) 8.X VMware provides a workaround currently. See the KB below:

UPDATE 14/12/2021: VMware has updated the KB Article mentioned above and stated that you could also resolve the error by renaming the old .jar file to <old_jar_file_name>_old.jar; out blog post has been adjusted to reflect this.

I was applying the Fix on various vRLSCM environments from a few customers and encountered the following Error on some of them:

./log4jfix.sh: line 4: [: vmlcm-service-8.1.1-SNAPSHOT.jar: binary operator expected

I was running vRSLCM 8.4.1 (PATCH 2) at this customer and according to the Error Message the script tried to use the 8.1.1 Jar.

The contents of the log4jfix.sh script looked as follows:

Solution

The solution so far that worked for me (and for others, see VMware Communities link) is to remove the OLDER version of the .jar file in the above mentioned location (/var/lib/vrlcm). The .jar file of the vRSLCM version that you’re running should be kept; only remove the older one.

Go to the ‘/var/lib/vrlcm‘ directory on your affected vRSLCM Appliance and list its contents:

You’ll probably notice an older version of the .jar file in this location, as shown in the screenshot above.

Rename / Move this older version of the .jar file (adjust the command below to your older version’s .jar file being there):

mv vmlcm-service-8.1.1-SNAPSHOT.jar vmlcm-service-8.1.1-SNAPSHOT_old.jar

OR

mv vmlcm-service-8.1.1-SNAPSHOT.jar /tmp

Try running the script again, it should now succeed and use the correct .jar file:

./log4jfix.sh

Hope it helped!

4 thoughts on “vRSLCM 8.x – Quick Tip – log4jfix.sh Fix Error: Binary Operator Expected – CVE-2021-44228

  1. Pingback: Log4j patch for vRealize Automation 7.6 and vRealize Orchestrator 7.6 (KB87121)
  2. Pingback: Log4j patch for vRealize Automation 8.x and vRealize Orchestrator 8.x (KB87120)
  3. Pingback: Log4j – How to patch VMware vRLSCM, vIDM, vRA 7.6-8.x (VMSA-2021-0028)
  4. Pingback: VIDM 3.3.3-4-5 – Quick Tip – VMware released Script for CVE-2021-44228 (Apache Log4j Vulnerability)

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s