Portal 3.x: Mitigation for Apache's Log4j Exploit (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

Solution Number: S35667
Last Modified: 2021-12-23
Issue

On Dec 9, a remote code execution vulnerability in Apache Log4j was announced.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228
 
Solution
The recommendation for customers running v2.x is to update to v3.5.1.

An example update path from 2.x to 3.5.1 is as follows:

2.0.0  →  2.1.0  →  2.2.1  →  3.0.2  →  3.1.1  →  3.2.0  →  3.3.1  →  3.4.1  →  3.5.0  →  3.5.1

A fix for CVE-2021-44228 is available on the Support site as of Dec 16, 2021 at the following links:

Update Image : SteelCentral Portal Update (ISO Image) Version 3.5.1 (12/16/2021)
SteelCentral Portal 3.5.1 User Guide

New Install : SteelCentral Portal Virtual Edition for ESXi Version 3.5.1 (12/16/2021)
SteelCentral Portal 3.5.1 Installation Guide

Portal Software Download Page : Link

Release Notes : 3.5.1

A fix for CVE-2021-45046 and CVE-2021-45105 is available on the Support site as of Dec 21, 2021 at the following links:

An example update path from 2.x to 3.5.2 is as follows:

2.0.0  →  2.1.0  →  2.2.1  →  3.0.2  →  3.1.1  →  3.2.0  →  3.3.1  →  3.4.1  →  3.5.0  →  3.5.2

Update Image : SteelCentral Portal Update (ISO Image) Version 3.5.2 (12/21/2021)
New Install Image : SteelCentral Portal Virtual Edition for ESXi Version 3.5.2 (12/21/2021)


Portal Software Download Page : Link

Release Notes : 3.5.2
 
Note: 3.5.2 includes all cumulative fixes for CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. It is not necessary to upgrade to 3.5.1.