Skip to main content

Hi 

 

How do I check on the Commserve, if the features below are in use? Is it in the licensing ...where would I look. I don’t think we are, but would like to check for my own benefit.

 

Microsoft SQL Server agent - Database archiving, data masking, and table level restore

Hi @LaurenceB 

Please take a look at this thread:
 

 

We’re using this sticky thread for everything relating to CVE-2021-44228.

 

Essentially there may be log4j packages present for those agents and the hotfixes provided will clean those up.

We’re recommending you patch any of the potentially affected agents.

Thanks,

Stuart


Does the update to remove the vulnerable log4j versions (v11SP24_Available_HotFix4552_WinX64.exe) from the affected Commvault packages require any CommVault services to stop/restart?

Gerry


Hi @gmoh 

Yes, as per usual hotfix installations, client services are stopped to install the hotfix.

Thanks,

Stuart


Thanks Stuart.  Do all CommVault installations contain the vulnerable jar?  Can it be deleted instead of running the hotfix?

Gerry


@gmoh , the hotfixes remove the vulnerable versions and upgrade to 2.15 (fixed version).

Removing them alone might cause features to break.  Better to install as per the instructions and be covered.


Thanks Mike.


My pleasure.  Thanks for joining our community, and hope to see you around again!


So - the zip file has a bunch of hotfix files in it. When I unzip, there are 2 WinX64 exe files that I could run - which is the correct one?
v11SP24_Available_HotFix4552_WinX64.exe

or

v11SP24_Available_HotFix4553_WinX64.exe

Gerry


Hi @gmoh , I believe we covered this in the main thread.  Use Copy to Cache to populate the software cache along with the report and push updates via the GUI.  It does it all for you.

 


@Mike Struening - Hi, we are on version 11.20 and ran the hotfix as per the recommendation. 

However the scan says still vulnerable, would you be able to comment on this please.

 


Hi @Deepk Mathew - please add your question above ^ to the main thread here 

Thank you!


Reply