12-20-2021 11:28 PM - last edited on 01-04-2022 12:05 AM by support_s
log4j vulnerability in OmniStack itself?
Hello,
I am a bit curious, as there is only the thread about the vCenter here in the forum.
According to security bulletin hpesbgn04215en_us, it seems all OmniStack versions are affected by this issue.
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04215en_us
Sure, there must be some kind of word or workaround about it?
Hoping for the workaround instructions. Change the log4j config if required in the OmniStack and restart the service?
Am I just missing the correct thread?
Still several weeks before we can get rid of the legacy hardware ...
Regards,
El
12-21-2021 12:29 AM
Query: log4j vulnerability in OmniStack itself?
System recommended content:
If the above information is helpful, then please click on "Thumbs Up/Kudo" icon.
Thank you for being a HPE community member.
12-21-2021 01:10 AM
Re: Query: log4j vulnerability in OmniStack itself?
So are you saying that inside every OmniStack there is an Ezmeral Container Platform running?
How would one access the container running inside the OmniStack VM Ezmeral Container Platform?
12-23-2021 01:46 AM
Re: Query: log4j vulnerability in OmniStack itself?
I also think that there should be more transparency from HPE about the way SimpliVity is affected by the log4j bug and what steps will be taken to mitigate the issue for SimpliVity.
01-04-2022 12:03 AM
Re: Query: log4j vulnerability in OmniStack itself?
Hello,
I would recommend contacting technical support directly and logging a support call for more clarity on this. Please refer to the links below for support ticket options:
https://support.hpe.com/help/en/Content/supportAndOtherResources.html
https://www.hpe.com/psnow/doc/A00039121ENW
Thanks,
Parvez_Admin
I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
01-04-2022 12:44 AM
Re: Query: log4j vulnerability in OmniStack itself?
HPE has a Security Bulletin with all affected software for log4j:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04215en_us
SimpliVity is on that list. There is also a specific SimpliVity support alert if you look at the above page:
https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00120260en_us
So, it seems that SimpliVity is affected by the log4j bug, because vCenter is affected. That seems logical, because you need vCenter for managing SimpliVity.
But how difficult can it be to add a few lines to the above article that the other SimpliVity software components (like the OVCs) are not affected by the log4j bug? It would prevent a lot of support tickets towards HPE.
01-04-2022 05:43 AM
Re: Query: log4j vulnerability in OmniStack itself?
After much effort by our supporting engineers, it was decided that the VMware vCenter patch for the log4j security problem is acceptable and compatible. SimpliVity is NOT affected, as SimpliVity does not use log4j. The VMware OS that is being used with the SimpliVity was what was affected. The SimpliVity configurations were put on the security bulletin for that reason.
Applying the VMware vCenter patch is the SimpliVity solution to the Apache log4j(*) security issues.
While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
