<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Has anyone applied the LOG4SHELL mitigations for vCenter ? in vCenter™ Server Discussions</title>
    <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2883043#M92686</link>
    <description>&lt;P&gt;Here is the general advisory&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.vmware.com/security/advisories/VMSA-2021-0028.html" target="_blank"&gt;https://www.vmware.com/security/advisories/VMSA-2021-0028.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Here are the vCenter 7.x appliance specific steps.&lt;/P&gt;&lt;P&gt;&lt;A href="https://kb.vmware.com/s/article/87081?lang=en_US" target="_blank"&gt;https://kb.vmware.com/s/article/87081?lang=en_US&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Has anyone applied these yet ? Ideally I prefer to wait for an official patch from VMware&lt;/P&gt;</description>
    <pubDate>Mon, 13 Dec 2021 13:59:25 GMT</pubDate>
    <dc:creator>mbartle</dc:creator>
    <dc:date>2021-12-13T13:59:25Z</dc:date>
    <item>
      <title>Has anyone applied the LOG4SHELL mitigations for vCenter ?</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2883043#M92686</link>
      <description>&lt;P&gt;Here is the general advisory&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.vmware.com/security/advisories/VMSA-2021-0028.html" target="_blank"&gt;https://www.vmware.com/security/advisories/VMSA-2021-0028.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Here are the vCenter 7.x appliance specific steps.&lt;/P&gt;&lt;P&gt;&lt;A href="https://kb.vmware.com/s/article/87081?lang=en_US" target="_blank"&gt;https://kb.vmware.com/s/article/87081?lang=en_US&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Has anyone applied these yet ? Ideally I prefer to wait for an official patch from VMware&lt;/P&gt;</description>
      <pubDate>Mon, 13 Dec 2021 13:59:25 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2883043#M92686</guid>
      <dc:creator>mbartle</dc:creator>
      <dc:date>2021-12-13T13:59:25Z</dc:date>
    </item>
    <item>
      <title>Re: Has anyone applied the LOG4SHELL mitigations for vCenter ?</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2884945#M92734</link>
      <description>&lt;P&gt;I ran both Pythion scripts on several 6.7.0U3p VCSA appliances. No issues...&lt;BR /&gt;&lt;A href="https://kb.vmware.com/s/article/87081" target="_blank" rel="noopener"&gt;https://kb.vmware.com/s/article/87081&lt;/A&gt;&lt;BR /&gt;and&lt;BR /&gt;&lt;A href="https://kb.vmware.com/s/article/87088" target="_blank" rel="noopener"&gt;https://kb.vmware.com/s/article/87088&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;There is now just a single script that needs to be run...&lt;/P&gt;</description>
      <pubDate>Wed, 22 Dec 2021 20:20:20 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2884945#M92734</guid>
      <dc:creator>lhedrick</dc:creator>
      <dc:date>2021-12-22T20:20:20Z</dc:date>
    </item>
    <item>
      <title>Re: Has anyone applied the LOG4SHELL mitigations for vCenter ?</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2885084#M92736</link>
      <description>&lt;P&gt;&lt;a href="https://communities.vmware.com/t5/user/viewprofilepage/user-id/1345522"&gt;@mbartle&lt;/a&gt;I implemented the workaround with the vc_log4j_mitigator.py which can be found here: &lt;A href="https://kb.vmware.com/s/article/87081?lang=en_US" target="_blank"&gt;https://kb.vmware.com/s/article/87081?lang=en_US&lt;/A&gt;&lt;/P&gt;&lt;P&gt;I implemented the workaround successfull on 19 vCenters until now. The script works very good. When you run it again in drymode (python vc_log4j_mitigator.py -r) you can check, if there are any vulnerable files left.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 23 Dec 2021 14:17:58 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2885084#M92736</guid>
      <dc:creator>stadi13</dc:creator>
      <dc:date>2021-12-23T14:17:58Z</dc:date>
    </item>
    <item>
      <title>Re: Has anyone applied the LOG4SHELL mitigations for vCenter ?</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2885085#M92737</link>
      <description>&lt;P&gt;&lt;a href="https://communities.vmware.com/t5/user/viewprofilepage/user-id/159604"&gt;@lhedrick&lt;/a&gt;The KB &lt;A href="https://kb.vmware.com/s/article/87088" target="_blank" rel="noopener nofollow noreferrer"&gt;https://kb.vmware.com/s/article/87088&lt;/A&gt; is obsolete since 21.12.2021. There is a new script released and these steps integrated into &lt;A href="https://kb.vmware.com/s/article/87081" target="_blank" rel="noopener nofollow noreferrer"&gt;https://kb.vmware.com/s/article/87081&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 23 Dec 2021 14:20:00 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2885085#M92737</guid>
      <dc:creator>stadi13</dc:creator>
      <dc:date>2021-12-23T14:20:00Z</dc:date>
    </item>
    <item>
      <title>Re: Has anyone applied the LOG4SHELL mitigations for vCenter ?</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2885088#M92738</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;
&lt;P&gt;&lt;SPAN class="VIiyi"&gt;&lt;SPAN class="JLqJ4b ChMk0b" data-language-for-alternatives="en" data-language-to-translate-into="it" data-phrase-index="0" data-number-of-phrases="2"&gt;&lt;SPAN&gt;Yes, I applied the workaround 5 days ago on 24 vCenter.&lt;/SPAN&gt;&lt;/SPAN&gt; &lt;SPAN class="JLqJ4b ChMk0b" data-language-for-alternatives="en" data-language-to-translate-into="it" data-phrase-index="1" data-number-of-phrases="2"&gt;&lt;SPAN&gt;I had no problems.&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;For now the solution is to apply the Python workaround. The fix is included in the next "minor release" of each vCenter release.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;regards,&lt;/P&gt;
&lt;P&gt;AR&lt;/P&gt;</description>
      <pubDate>Thu, 23 Dec 2021 14:47:24 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/Has-anyone-applied-the-LOG4SHELL-mitigations-for-vCenter/m-p/2885088#M92738</guid>
      <dc:creator>Alex_Romeo</dc:creator>
      <dc:date>2021-12-23T14:47:24Z</dc:date>
    </item>
  </channel>
</rss>

