Before You Begin:
1. Familiarize yourself with the procedures included in this document.
2. Make sure that you have Administrator access to the Windows system where Portal is installed.
3. Identify the directory where Portal is installed. By default, that directory is C:\Riverbed\SteelCentralPortal. If you chose a non-default directory when originally installing Portal, you will need to adjust these instructions accordingly.
4. These instructions were developed on Windows Server 2008. Specific commands might differ depending on the version of Windows in use.
5. Take precautions so that you can revert to the version of Portal that existed before you followed this procedure, in case something unexpected happens. At the very least, make backup copies of the files you will modify before making changes. Ideally, also take a snapshot of the environment (if using a Virtual Machine) or a backup of the environment if Portal is deployed on Windows directly.
6. Follow these instructions exactly. Using third-party tools to modify the .jar file has been shown to corrupt the file, with the result that the procedure fails.
Steps to mitigate the vulnerability:
As mentioned, ensure that you are backing up any files that are being changed.
1. To stop Portal services, navigate to Start Menu > All Programs > SteelCentral Portal and click on “Stop SteelCentral Portal Web Service”. Wait until Portal completely stops.
2. The vulnerable class JndiLookup.class is included in jar file log4j-core-2.2.jar and is present in three distinct directories in Portal software:
It is important to remove this class from all three instances of the jar.
3. Navigate to C:\Riverbed\SteelCentralPortal\arx_proxy\arx-proxy\WEB-INF\lib and locate file
4. Copy the file and rename it to
5. Go to Tools -> Folder Options -> View and uncheck “Hide extensions for known file types”.
6. Change the extension of the original file to “.zip” and navigate inside the archive to directory
7. Locate file JndiLookup.class and DELETE it.
8. Navigate back up to the lib directory and revert the extension back to “
9. Copy this patched jar and navigate to
10. Paste it in the above directory to replace vulnerable
11. Similarly, navigate to C:\Riverbed\SteelCentralPortal\Tomcat\webapps\scportal\WEB-INF\lib and paste the patched jar to replace the vulnerable log4j-core-2.2.jar in that directory.
12. To start Portal services, navigate to Start Menu > All Programs > SteelCentral Portal and click on “Start SteelCentral Portal Web Service”.
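A read-only check for the result of steps 3 to 11, added here as an example and not part of Riverbed's procedure: for every log4j-core jar under the install directory it reports whether JndiLookup.class is still present and whether the archive still reads cleanly, which catches both a missed copy and a jar corrupted during editing. It assumes Python 3 is available on the Portal host or on a machine holding a copy of the install directory; the function names and status labels are illustrative.

```python
"""Read-only audit of log4j-core jars for a leftover JndiLookup.class."""
import sys
import zipfile
import zlib
from pathlib import Path

TARGET = "JndiLookup.class"                        # class name from the procedure
DEFAULT_ROOT = r"C:\Riverbed\SteelCentralPortal"   # default install directory


def audit_jar(jar_path):
    """Return 'VULNERABLE', 'PATCHED' or 'CORRUPT' for one jar.

    The jar is only opened for reading; nothing is modified.
    """
    try:
        with zipfile.ZipFile(jar_path) as jar:
            # testzip() re-reads every entry and returns the first name
            # whose CRC does not match, or None if all entries are intact.
            if jar.testzip() is not None:
                return "CORRUPT"
            names = jar.namelist()
    except (zipfile.BadZipFile, zlib.error, EOFError, OSError):
        return "CORRUPT"
    # Match on the file name so the check does not depend on the package path.
    found = any(name.rsplit("/", 1)[-1] == TARGET for name in names)
    return "VULNERABLE" if found else "PATCHED"


def audit_tree(root):
    """Map every log4j-core*.jar below root to its audit status."""
    jars = sorted(Path(root).rglob("log4j-core*.jar"))
    return {str(jar): audit_jar(jar) for jar in jars}


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_ROOT
    results = audit_tree(root)
    for path, status in results.items():
        print(f"{status:<10} {path}")
    # Exit 0 only when at least one jar was found and all of them are PATCHED.
    clean = bool(results) and all(s == "PATCHED" for s in results.values())
    sys.exit(0 if clean else 1)
```

Run it before restarting Portal in step 12. Backup copies that keep a log4j-core*.jar name will be listed as VULNERABLE, which is expected for the backups but not for the jars Portal loads.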