Solved

Log4j Vulnerability - Microsoft SQL Server agent - Database archiving, data masking, and table level restore

  • 14 December 2021
  • 11 replies
  • 2489 views

Badge

Hi 

 

How do I check on the Commserve, if the features below are in use? Is it in the licensing ...where would I look. I don’t think we are, but would like to check for my own benefit.

 

Microsoft SQL Server agent - Database archiving, data masking, and table level restore

icon

Best answer by Mike Struening RETIRED 14 December 2021, 19:22

View original

11 replies

Userlevel 7
Badge +15

Hi @LaurenceB 

Please take a look at this thread:
 

 

We’re using this sticky thread for everything relating to CVE-2021-44228.

 

Essentially there may be log4j packages present for those agents and the hotfixes provided will clean those up.

We’re recommending you patch any of the potentially affected agents.

Thanks,

Stuart

Badge +2

Does the update to remove the vulnerable log4j versions (v11SP24_Available_HotFix4552_WinX64.exe) from the affected Commvault packages require any CommVault services to stop/restart?

Gerry

Userlevel 7
Badge +15

Hi @gmoh 

Yes, as per usual hotfix installations, client services are stopped to install the hotfix.

Thanks,

Stuart

Badge +2

Thanks Stuart.  Do all CommVault installations contain the vulnerable jar?  Can it be deleted instead of running the hotfix?

Gerry

Userlevel 7
Badge +23

@gmoh , the hotfixes remove the vulnerable versions and upgrade to 2.15 (fixed version).

Removing them alone might cause features to break.  Better to install as per the instructions and be covered.

Badge +2

Thanks Mike.

Userlevel 7
Badge +23

My pleasure.  Thanks for joining our community, and hope to see you around again!

Badge +2

So - the zip file has a bunch of hotfix files in it. When I unzip, there are 2 WinX64 exe files that I could run - which is the correct one?
v11SP24_Available_HotFix4552_WinX64.exe

or

v11SP24_Available_HotFix4553_WinX64.exe

Gerry

Userlevel 7
Badge +23

Hi @gmoh , I believe we covered this in the main thread.  Use Copy to Cache to populate the software cache along with the report and push updates via the GUI.  It does it all for you.

 

Badge

@Mike Struening - Hi, we are on version 11.20 and ran the hotfix as per the recommendation. 

However the scan says still vulnerable, would you be able to comment on this please.

 

Userlevel 6
Badge +12

Hi @Deepk Mathew - please add your question above ^ to the main thread here 

Thank you!

Reply