HPE Community
HPE 3PAR StoreServ Storage
1753893 Members
7631 Online
108809 Solutions
New Discussion юеВ

Re: SSMC and log4j vulnerability

 
SOLVED
Go to solution
AerCapTeam
New Member

тАО12-17-2021 07:18 AM

тАО12-17-2021 07:18 AM

Re: SSMC and log4j vulnerability

Hi @sbhat09 ,

Can we get PM with solution, please.

Regards,

Alan

0 Kudos
Reply
sbhat09
HPE Pro

тАО12-17-2021 07:31 PM - edited тАО12-17-2021 07:41 PM

тАО12-17-2021 07:31 PM - edited тАО12-17-2021 07:41 PM

Solution

Re: SSMC and log4j vulnerability

GREAT NEWS!

The latest SSMC update version 3.8.2.1 is available for download - https://myenterpriselicense.hpe.com/cwp-ui/free-software/SSMC_CONSOLE

Regards,
Srinivas Bhat

If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.


I am an HPE Employee

Accept or Kudo

Reply
BBARBAROS
Advisor

тАО12-19-2021 07:40 AM

тАО12-19-2021 07:40 AM

Re: SSMC and log4j vulnerability

Do you know any upgrade issues/ problems about 3.82 or 3.8.2.1 ?

I`ve got 3.8.1 but no matter what I tried I cannot upgrade to 3.8.2.1...Package uploads, I start the upgrade but ssmc never reboots, it stays at 3.8.1  

0 Kudos
Reply
sbhat09
HPE Pro

тАО12-19-2021 09:30 AM

тАО12-19-2021 09:30 AM

Re: SSMC and log4j vulnerability

Hello @BBARBAROS,

That is strange though. Please ensure your system meets all the resource/networking/port/firewall requirements to install SSMC v3.8.2.1.

Is there any error you noticed after installing v3.8.2.1? What are the OS versions of the SSMC connected 3PAR systems? Can you please try to create a new VM and freshly instal the v3.8.21?

Regards,
Srinivas Bhat

If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.


I am an HPE Employee

Accept or Kudo

0 Kudos
Reply
BBARBAROS
Advisor

тАО12-19-2021 12:54 PM

тАО12-19-2021 12:54 PM

Re: SSMC and log4j vulnerability

3.8.2 and 3.8.2.1 are security updates installed on 3.8.0, not fresh installations.

I upgarded to 3.8.1 with no problem.

I don`t get any errors for 3.8.2/3.8.2.1. The upgrade process runs but nothing happens.

0 Kudos
Reply
andrewk4
Visitor

тАО12-19-2021 02:24 PM

тАО12-19-2021 02:24 PM

Re: SSMC and log4j vulnerability

Successfully upgraded to 3.8.2.1.9 (upgraded from 3.8.2.0.39) without issue.

Download .iso, log into SSMC admin and Upgrade with .star file

Is there any confirmation that 3.8.2.1 fixes the log4j vulnerability? I could not find any detailed release notes. Do we need to redo or undo anything if we had applied the workaround?

Thanks

0 Kudos
Reply
Bertram Stoeckler
HPE Pro

тАО12-19-2021 10:36 PM - edited тАО12-19-2021 11:36 PM

тАО12-19-2021 10:36 PM - edited тАО12-19-2021 11:36 PM

Re: SSMC and log4j vulnerability

Customers who have implemented the configuration change to mitigate the issue, which later were found to be incomplete do NOT need to revert anything. Upgrading to SSMC 3.8.2.1 fully fixes the reported issue.

Note that the version reported in the lower right corner after the upgrade will show "3.8.2.1.9"

 

I am an HPE Employee

Accept or Kudo

Reply
sbhat09
HPE Pro

тАО12-19-2021 10:40 PM

тАО12-19-2021 10:40 PM

Re: SSMC and log4j vulnerability

Hello @andrewk4,

My source of information (from developers) confirmed that SSMC 3.8.2.1 or above is safe against the current log4j vulnerability.

Though the release notes don't mention directly, it states that "the version includes important security fixes and adhere to NIST SP 800-53 guidelines". Please check the details of the guidelines for additional details.

Regards,
Srinivas Bhat

If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.


I am an HPE Employee

Accept or Kudo

0 Kudos
Reply
Bertram Stoeckler
HPE Pro

тАО12-20-2021 12:13 AM

тАО12-20-2021 12:13 AM

Re: SSMC and log4j vulnerability

SSMC with version 3.3.1 running as a service on windows is most likly impacted.

You should move to the appliance model and run with the latest version.

Note that the development of SSMC for windows has stopped with version 3.3.1 in April 2018.

Since then, no further fixes were implemented and the version therefore most likly has other missing security fixes as well.

HPE always recommends to update to the latest version,, or solution..

Hope that helps 

 

I am an HPE Employee

Accept or Kudo

0 Kudos
Reply
areus
Occasional Visitor

тАО12-20-2021 07:10 AM

тАО12-20-2021 07:10 AM

Re: SSMC and log4j vulnerability

And how can we move to the appliance model? I've inherited the administration of a 3PAR system and need to keep it running, but I have no idea how to replace the current SSMC with the latest SSMC that HPE is offering. Please advise.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.