Log4j Vulnerability - Microsoft SQL Server agent - Database archiving, data masking, and table level restore
Hi
How do I check on the Commserve, if the features below are in use? Is it in the licensing ...where would I look. I don’t think we are, but would like to check for my own benefit.
Microsoft SQL Server agent - Database archiving, data masking, and table level restore
Page 1 / 1
Hi @LaurenceB
Please take a look at this thread:
We’re using this sticky thread for everything relating to CVE-2021-44228.
Essentially there may be log4j packages present for those agents and the hotfixes provided will clean those up.
We’re recommending you patch any of the potentially affected agents.
Thanks,
Stuart
@gmoh , the hotfixes remove the vulnerable versions and upgrade to 2.15 (fixed version).
Removing them alone might cause features to break. Better to install as per the instructions and be covered.
Thanks Mike.
Does the update to remove the vulnerable log4j versions (v11SP24_Available_HotFix4552_WinX64.exe) from the affected Commvault packages require any CommVault services to stop/restart?
Gerry
Hi @gmoh
Yes, as per usual hotfix installations, client services are stopped to install the hotfix.
Thanks,
Stuart
Thanks Stuart. Do all CommVault installations contain the vulnerable jar? Can it be deleted instead of running the hotfix?
Gerry
My pleasure. Thanks for joining our community, and hope to see you around again!
So - the zip file has a bunch of hotfix files in it. When I unzip, there are 2 WinX64 exe files that I could run - which is the correct one? v11SP24_Available_HotFix4552_WinX64.exe
or
v11SP24_Available_HotFix4553_WinX64.exe
Gerry
Hi @gmoh , I believe we covered this in the main thread. Use Copy to Cache to populate the software cache along with the report and push updates via the GUI. It does it all for you.
@Mike Struening - Hi, we are on version 11.20 and ran the hotfix as per the recommendation.
However the scan says still vulnerable, would you be able to comment on this please.
Hi @Deepk Mathew - please add your question above ^ to the main thread here