Log4j patch for vRealize Automation 8.x and vRealize Orchestrator 8.x (KB87120)

Hi!

Over the past few days a critical vulnerability has been identified in the Apache Log4j module and lots of applications over the world are affected by this. 

The latest information regarding VMware Products which have been affected by this vulnerability can be found here:

For VMware vRealize Lifecycle Manager 8.x – Please check on our previous blog here.

For VMware Identity Manager 3.3.3 – 3.3.5 -Please check on our previous blog here.

For VMware vRealize Automation 7.6 – Please check on our previous blog here.

For VMware vRealize Automation 8.x (8.2, 8.3, 8.4, 8.5, 8.6) VMware provides a workaround . See the KB below:

Attention for vRealize Automation 8.0, 8.1 = It’s same core product, but it’s a non supported anymore since couple of months ago.

VMware has stated that a final solution will be released on the next cycle path version vRA 8.6.2

Meanwhile, the workaround is done via manual process below:

1 – Take simultaneous VM snapshots without memory of all nodes in the cluster.

2 – SSH login or virtual machine console into one of the nodes in the vRA / vRO cluster.

3 – Run the following command on one of the vRA or vRO cluster nodes

vracli cluster exec -- sh -c "current_node" && vracli cluster exec -- sh -c "base64 -d <<< '/Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4LzGDvpdADmZSuojhr8q8RskPKwtrPJnfeTy62+4gkp6IAHJt7z/IAlAE34mhHeD+a06hKL4FKnH1FFyuQkQAbIkb9+Jxr/mBShPT+kQIqQgJ9uUA9aVcJkEH2LD5FcwKUc+AOzrUnv2eW7IAa2JTxxI+m3RAei3iHxpOmeUl5vgMKmFEdTrdmQxEM2j7KGwO9cAM4E4NkBbaru+xfKmjzDfY3KVQYDhYB9vASv6vT+KmikoprMsfrjpd51jMF6G6coW+X9FRZGiDWQOBQgn8nwVxNO7dXYEJdsrIaNfqtN6naau6MGNAOgWD7/xLCqwNfoDzmEolwlwXgoA1YqjQXHZPPGKMAcx6kHotFaPiT0A9d8uS/1esgQrkGDL/0lBJ/1B6VizCfnFsSNUq1rBgwSzJEyXZ2hPERfQyFhKo0qLjNFSkKF+kovFU22+fIUfgGTDQ1QmH+xZ91bVfKvgnT77s1+I+L7P3NjomAdZCyMlBIZlTf0s6K0pY5uW6PjMTeyizNTVBvwxyJwjoSdOE/OpkyeZYTUcW0HB5J1naH402r+ix7oIRvOpseGhJGxM39lSQYZpTZCZSIbt4WL54k7GD1Pxvd2dZcy+NjKHhtBS8rTfRdOJUU5FeQogcjRc9SXiGN6lhE50npi4Yk9bV4RDffweII0ojGY/KzjFqpOj40Tfm92yrf1E5OC5SAlWSR6/tYG3NQuyd0Z+00TJADg8TqgcSYb6hRa0nDsdr7Rx9yfMJ2tEgZP2B51WupnWiWaBzcf3ZdBTl4txBJpgYCQ7z+SmXbNfqUHRp+iZI62lUZeD1RiXJu3s9HZ/hhl+KPs6eUPPjyNwzP0WFZwe8iaakn5Rv4SFZ3/TLP3UWtnjFzd3VdUuVTZd4Fez2SlaP2RqtPkrTEa+kaob866XSuf54HXOPtdD7hcVIEilPAYMmEM5RypFsv87JLeH7Qy98grA/4i72ArPd/N2UR7adIST+qY/+IjuTSW0ulVQIJKyOcpCWmZVx1DoVH493CcB23InpMJbrRvKy6/r4/v9Yo9Ukt78bQ1YVg7EwSKfgJw+UOKB7wOIP7nDJltvCiTuYq8AHaHmtuqv2idEhOzuyfAkIuEvZ7JN180dM7wRp3BIQFWQvVyZIo8MTH4x5mIgJBg9g1a04jZUCUP2CF9OUI5MqD/BM2chX3OhED3vBUK6VofZetu1cbP99a2g5/lVHeSSDCfrDOWnNp05jLAorNKhgnrV3YuDyD11yTF/Gnwj4OyQ0ymOrfDyVJQEpE+jfxX6PLnl0UWjGaWmRvgaVNMpkdY/3HQFK/J1qngcVIrGnyovOBt+fdA+N9HM3PoSXxPOwYyHKTYtm19Y1Pq4eduwuTAmsw57Ql2F/UwyWKNfLzl2JGmiTWT4M8cYMQ1QVvxAnXdl5SpMje2IUBO2OreLvQjsFsgtGVlKL3H37Jyi5rxXR/qyR7rfqaCajTW28F8tYEQtXyQJphItz6rBiMPZ6umlhMv9iCyJf8vnEUvbR1BXTiYZfY0TNiD72tGAjJazw5vwj5OEP9fLrFMOAdq5f/6c3Pc276nkUNshXvaBVUazbSLFZdbLrwwTY40kimz8WuodZDE7hYTZVbX6QS7VPA48HtXf5g+GUpJ9MzcLjvupxDWWick+A2o4I0wALUwCYRv7tM0kvYZCrt1cyirZ1iDiG0Gl6RWUv2E6OuYTJV7p46pF3Nb/16mmawF3Vk0ApsaMTNcs2Ih2X//6KFbozqhi+u+xn3fvOMyxaIHHQuUV2jQjk5zUBNh06BPt6P+aHT83ZEj2wC6Mq1dAxyyzFO3IP0iv45HidUsw52qdLhyvqswJsW5hNnVuxMrn1IYIt2mCM/5d4fxtfI3TVJHq/JUZkPfg9q7kUOiIPr768WgG3NM1Gdtm9M7D9rbhPVNFQeKcdMirE/LDlQYHXhi7CtAjYMLk5wO5xEpMLvT9W0NaaccHwYX7Htn0ToTosPzqidLu59RJrsAW0l7aQkUaRU2Niz2QF89R9bXJICDCkqZwXq37p4vQ7xDVOEWmVceRARKQUa+kR6SzeDdtAgRD58G2kITXGL5SNlXN+bYRmgmOuxIuCtbnIcJWfVhio2rDbChS3oUOg4w+C6K2uyIww0+/+rJgpE0FYAWCa5YQ+FvsrjJgt/tVyS2BXpGnEJJqhTSWQIqc9zNTThgagt4dI5P4+DqFZt3OPNxotSC16pjRKAII8P6sXDL9fnQOeMpv7KSXjfQXaFipwrHMFzoxbA5htqJ92COM0nK1Gh+4Tgp9GQb+EhMuhJMifbV34GGJtJzk2uK0akCBe4tjE/GnKZ+0OmEbPWxBpUcDEzRozI40H6Cmt2bd7KkjaUUrYU/6OiIWo8T9o4lzTirwlqspNID9U8e0l57V2L6v23Wtp5pnRFwEWEmBR1fX5bNvcyaNFFXbtFgbdw5c10HOudV/MidgNjlLFFLg1M7Ch4WSKFcDB2cbH1nGWdJw1dI/HCqi4lxdJICKl9fOcl5eAur58V87OmNyBQRTN9gMr72+G8d1mp3EdI1RHZwwOFWNT65DKalzD9r6urMgzbQ1zrVd+/Si4mJnSzF7yMrPdlkT2ptR489OR7ZNzrUTDTzYxTpKD1VyUmfQnKI46txZPRo2GEmTBZl3C+GVL15OTE+5Ve8yN13/szSzRIhLdOPiWY2X8LGD5fS4DD7yDFRd/0hVF8D0l0ne9SV3aAb7xw/gcxDGQcC3MxK5IWPCW9ROomrWW3SZ9jw6DrIobk2yY5PA3Ue1zrCAJEu4VN1A1KQEDjHrySRBe9yCZIGEw+ShSzr53KXlUe9p9tFxTYu3r2WQTMgJeakkeGPi2Hd5xeWPsnU2dLJuZ6ZhqQlaXX0GnFGWMRx0C3+n+ekfKsc93WmK2bUIu9fUQsYYwZrsiwnlMmwN41146iNI0zc5+3RRPd4h3g9pn9pNYMHk5JXBrM4tJA9+kzlQc1v1ZKI88rURD+b5ykygOk5JyU7ewImVqw6N188r1stMv9OxCbrqOFypsFWjOouhszejiOhmoldRdyWyAKwaq6cfLeiD5+b0gseSe3yht3aQBDzOIbDM47YiGUuCtjiApnPqWq+7feSG9rAWQzY4PQAA6jUs/Qh58M3jVpyXzttvwshpS51nUB878tqMLAaxkM3zOHgM6QRIRQv6LgXD3z/IhcEB0yle3Sa2afqLDZJs58E6vvAHlXB+6rW/3NuTyAXWzMGdjS/j48NBISLcSWpJT0FGoqNv3JN+db48hvVWTLbh9U9bK9S1b9E60xAM2C+sWbS8c11WJwWDyO8ZgkxviZxkWTQTHb4ebn6V/FKTKcKIMi3c9RLESNAA+xtxBECEU9CirOQH8Nck9WJym4DtNWaizjupXB8B8+KCOIzH1p6kWeirssbcQBKcflZVu8XuEfI8clnSAorIjrK3loidISM0ZiLZ3sJYnoGeNe4z86j+za7qgfcky4p0cX4AdN5fYr1UTZ1Ptvd/MDUCTPpziMN5+fx+HogpkStXOthkssiM24KP0v854rvkyDbwpdY+n72u/oWFhoOEMkhb6/ylcJqdeOIZvS+90nwoIqLtW9t/81Pt5NzFgEeT10yfXv+aBKayjTnNy+GlNweHjep0biX0v7ZAjuacRcllguI06pJVmf7XF20cPmyf3ag4ArBkd+OY5hIKzgI8FsxA1Q8pQ6TTHGJbTnahyA72iUsP9VFaOgYvfKi3bL+szQ4yg5yF1nAgASNbyju58aNq4RkOlFklbtHO4y/1Dyy2pz2yPTcdxzq2d9iN4oSZNuM0Yo9pw/0JVewtN1gdCTEEwOFujv8CpJF2ApS23s2/MHe7tI4ColfofxKctL2OTAXbruSdmOF0DL5JgMqnUTckiX8Ps0iQ8Q2UMeqJa5bB4FvH5j6uY8Rvol+upuE7FeRRkHRulOljKtNQkt1C+iqCHpmpplVDAGNoxALyBFDTYluietPMlvaP2NEvIb5vrbnU/WhvG6SFettTXD2itD/cZmaf5yV9ZeO7bg/tZIWg5LzgP7NNE+NqYyGBrec9MT95carUMTegl4mMOu2uLa/jN0AlgNxqdo3CCFyzVx11dCVFZdQc/MSilWlmwrOuQmWUpCpbdLK7pCB6RtaFoCoanvLMAwatfvA5FZ3N/I5fbnXgI7qy4v8j/XBXX8kzCnLcMZ8UEmKJtwtM4Gw7fnUzD51kDRryLTL9vJUaglKHRo/TttHFAoSwvhY6X00pGLd/ifZXSafSOHEgmnqyZ5Q1k7VfBRE6Fd92OsYWqWf6q8kYD79D0w6txUKvCEv2dMC+xU5GlzvCT0nwNnLsEaREcnIRnYnKITWd4RXCBvtFgHSFL48YOwKIWfL+GoaYbIyqTKWV51TnkRat8z6I6r5ZTW85ag8YtSFuTgx5YBVtg7/oHkFhvIZHBwRdOZ9WqBhJKZLAD8R//km6edJQ5gGkVJuY1p3YfT5d+lbvp4jfN0ltzIgZVQE1EtQ1AmtyppLOnR5jskG5WEm4ziAOr1RbiKf85ESeEaqxpwpgjPfzj7bjDOpCmgDKMieTogo4xKwRBVyVrIC3kKfZgQgdY98i0yqdTqcjquLZzY+3Fx2lQXWxO5dbcQI9R6xoXh1ieXeP51PVSWppxY0TGbzyX6SY5WLJk/SAdV2wtd6Y0/xnZFSJZNXnIeHzPxKHPJZvqTXPDScH8D2b3Cd9fjJcPffUR3NcPMlHts+ULNprsUWnx2h2qdbepQj+mEFYzegg967XE0z73vJK/T1Ah2028JqclteT8CTeoxWr6A+0UmLhY2W43a/+R6C7Xa6vpivXwZ6f0HPH96/q4FnzJ565Vb2fqQ9KqZvs48NF276cbalPCp1251ts++Q6vF2dAm1OCyeo8WAbgbtAyoDzmozSAFLy32rzLAWmRA3tbtuKKXY7le0rohCdeS23T0PKiiz9POFf7zkdp9SAsWAI+YZY/6p/CFptNEmKOpI4bBKsYH1mmcZR6lHnY5nxoQuGMQJJ4iNqzQJn61zMZDtUMzBe0wEhngfXU/fmdmGq9m8kNFjS9Ro95Qsy8m4AoG6xnwgtEquurPMS19qhL9TkoMxiYca25aVzxrDQeyqq+AAAADxmkaM/UJobAAGWHsf5AgAC9AO0scRn+wIAAAAABFla' | xz -d | bash -" && vracli cluster exec -- /etc/bootstrap/postupdate.d/71-15-cve-2021-44228.sh

3 – Run the next command

/opt/scripts/deploy.sh

4 – To validate that the script ran successfully, the following command will return NO output

vracli cluster exec -- sh -c "base64 -d <<< '/Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4AIDAWBdADkPSodkNcXcihXcIR95zRk63dKXgV3lJzz8qsobbkxxY+MsBosGXE6KHbVy6vzVMxVodFncIuE41Q27rE1ggQIpQpQnn4ltFT3DCYVv90BiastOCnmxR7o+yesiYxYq49IKOj6Sx0JKbwYdRbspXjC9TE77QDQ+f1LpZR0ea8dpFAXbsSdfIs2ulQDJ/ImbxBt+ODDWHi0JKMUAXawtz5/NPqjoRzO95WcrNrIY782C3PPxyooJuMj2Ga9ua9G1ljrTuAwhEpDSdYB09n1dHXAmd/BOy35SM2pwAeEmnXwdBYFl1GRsWFDojMP04SnaJph8nlozn3WYUK1A2l1nYQI5xcRro8uP8aWQi5SqImaJJ7Ob58BO4R+RroqqNL4MIlGRii10LEZWgVSGuoAXJqVg4KjhaDNrfOFMQqzrNYLUWgDf7GRPqa9HlNhvzIYv6aY8DVUfj8sbM/fRjoY8ZSAAt2eHiKYy/RoAAfwChAQAAG/X976xxGf7AgAAAAAEWVo=' | xz -d | bash -"

Good luck!

4 thoughts on “Log4j patch for vRealize Automation 8.x and vRealize Orchestrator 8.x (KB87120)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s