- Community Home
- >
- Storage
- >
- Midrange and Enterprise Storage
- >
- HPE 3PAR StoreServ Storage
- >
- Re: SSMC and log4j vulnerability
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2021 07:18 AM
12-17-2021 07:18 AM
Re: SSMC and log4j vulnerability
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2021 07:31 PM - edited 12-17-2021 07:41 PM
12-17-2021 07:31 PM - edited 12-17-2021 07:41 PM
SolutionGREAT NEWS!
The latest SSMC update version 3.8.2.1 is available for download - https://myenterpriselicense.hpe.com/cwp-ui/free-software/SSMC_CONSOLE
Regards,
Srinivas Bhat
If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.
I am an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2021 07:40 AM
12-19-2021 07:40 AM
Re: SSMC and log4j vulnerability
Do you know any upgrade issues/ problems about 3.82 or 3.8.2.1 ?
I`ve got 3.8.1 but no matter what I tried I cannot upgrade to 3.8.2.1...Package uploads, I start the upgrade but ssmc never reboots, it stays at 3.8.1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2021 09:30 AM
12-19-2021 09:30 AM
Re: SSMC and log4j vulnerability
Hello @BBARBAROS,
That is strange though. Please ensure your system meets all the resource/networking/port/firewall requirements to install SSMC v3.8.2.1.
Is there any error you noticed after installing v3.8.2.1? What are the OS versions of the SSMC connected 3PAR systems? Can you please try to create a new VM and freshly instal the v3.8.21?
Regards,
Srinivas Bhat
If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.
I am an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2021 12:54 PM
12-19-2021 12:54 PM
Re: SSMC and log4j vulnerability
3.8.2 and 3.8.2.1 are security updates installed on 3.8.0, not fresh installations.
I upgarded to 3.8.1 with no problem.
I don`t get any errors for 3.8.2/3.8.2.1. The upgrade process runs but nothing happens.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2021 02:24 PM
12-19-2021 02:24 PM
Re: SSMC and log4j vulnerability
Successfully upgraded to 3.8.2.1.9 (upgraded from 3.8.2.0.39) without issue.
Download .iso, log into SSMC admin and Upgrade with .star file
Is there any confirmation that 3.8.2.1 fixes the log4j vulnerability? I could not find any detailed release notes. Do we need to redo or undo anything if we had applied the workaround?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2021 10:36 PM - edited 12-19-2021 11:36 PM
12-19-2021 10:36 PM - edited 12-19-2021 11:36 PM
Re: SSMC and log4j vulnerability
Customers who have implemented the configuration change to mitigate the issue, which later were found to be incomplete do NOT need to revert anything. Upgrading to SSMC 3.8.2.1 fully fixes the reported issue.
Note that the version reported in the lower right corner after the upgrade will show "3.8.2.1.9"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2021 10:40 PM
12-19-2021 10:40 PM
Re: SSMC and log4j vulnerability
Hello @andrewk4,
My source of information (from developers) confirmed that SSMC 3.8.2.1 or above is safe against the current log4j vulnerability.
Though the release notes don't mention directly, it states that "the version includes important security fixes and adhere to NIST SP 800-53 guidelines". Please check the details of the guidelines for additional details.
Regards,
Srinivas Bhat
If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.
I am an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2021 12:13 AM
12-20-2021 12:13 AM
Re: SSMC and log4j vulnerability
SSMC with version 3.3.1 running as a service on windows is most likly impacted.
You should move to the appliance model and run with the latest version.
Note that the development of SSMC for windows has stopped with version 3.3.1 in April 2018.
Since then, no further fixes were implemented and the version therefore most likly has other missing security fixes as well.
HPE always recommends to update to the latest version,, or solution..
Hope that helps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2021 07:10 AM
12-20-2021 07:10 AM
Re: SSMC and log4j vulnerability
And how can we move to the appliance model? I've inherited the administration of a 3PAR system and need to keep it running, but I have no idea how to replace the current SSMC with the latest SSMC that HPE is offering. Please advise.