https://community.netapp.com/t5/ONTAP-Discussions/log4j-advisory-VSC-9-7-x/m-p/430278#M39677 <P>It's affected, this is the workaround:</P><P><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/VSC_and_VASA_Provider/ONTAP_tools_for_VMWare_vSphere_(VSC)_-_CVE-2021-44228_Apache_Log4j_Vulnerability_-_Workaround" target="_blank">ONTAP tools for VMWare vSphere (VSC) - CVE-2021-44228 Apache Log4j Vulnerability - Workaround - NetApp Knowledge Base</A></P> Sun, 19 Dec 2021 22:47:46 GMT Ontapforrum 2021-12-19T22:47:46Z https://community.netapp.com/t5/ONTAP-Discussions/log4j-advisory-VSC-9-7-x/m-p/430136#M39645 <P>Hi NetApp,</P><P>&nbsp;</P><P>Could you provide more clarity on the list of 'Affected Products' mentioned in the log4j advisory.</P><P>&nbsp;</P><P>My query is specifically for 'Virtual Storage Console'. In the following weblink, it mentions 'ONTAP Tools for VMware vSphere' as affected product, which is a new name for VSC from 9.8 onwards. VSC's last version is 9.7.x.</P><P><BR />Does this vulnerability only applies to 'ONTAP Tools for VMware vSphere' (which is 9.8 onwards) ?<BR /><A href="https://security.netapp.com/advisory/ntap-20211210-0007/" target="_blank">https://security.netapp.com/advisory/ntap-20211210-0007/</A></P><P><BR />Many thanks!</P> Wed, 04 Jun 2025 10:07:19 GMT https://community.netapp.com/t5/ONTAP-Discussions/log4j-advisory-VSC-9-7-x/m-p/430136#M39645 Ontapforrum 2025-06-04T10:07:19Z https://community.netapp.com/t5/ONTAP-Discussions/log4j-advisory-VSC-9-7-x/m-p/430166#M39652 <P>I will check with PSIRT and get an update. Good question.</P><P>&nbsp;</P> Thu, 16 Dec 2021 14:14:30 GMT https://community.netapp.com/t5/ONTAP-Discussions/log4j-advisory-VSC-9-7-x/m-p/430166#M39652 paul_stejskal 2021-12-16T14:14:30Z https://community.netapp.com/t5/ONTAP-Discussions/log4j-advisory-VSC-9-7-x/m-p/430171#M39655 <P>Assume it is affected. Also end of version support was Oct 20 for 9.7.1, so you should upgrade anyway.</P><P><A href="https://mysupport.netapp.com/site/info/version-support" target="_blank">https://mysupport.netapp.com/site/info/version-support</A></P> Thu, 16 Dec 2021 14:18:48 GMT https://community.netapp.com/t5/ONTAP-Discussions/log4j-advisory-VSC-9-7-x/m-p/430171#M39655 paul_stejskal 2021-12-16T14:18:48Z https://community.netapp.com/t5/ONTAP-Discussions/log4j-advisory-VSC-9-7-x/m-p/430278#M39677 <P>It's affected, this is the workaround:</P><P><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/VSC_and_VASA_Provider/ONTAP_tools_for_VMWare_vSphere_(VSC)_-_CVE-2021-44228_Apache_Log4j_Vulnerability_-_Workaround" target="_blank">ONTAP tools for VMWare vSphere (VSC) - CVE-2021-44228 Apache Log4j Vulnerability - Workaround - NetApp Knowledge Base</A></P> Sun, 19 Dec 2021 22:47:46 GMT https://community.netapp.com/t5/ONTAP-Discussions/log4j-advisory-VSC-9-7-x/m-p/430278#M39677 Ontapforrum 2021-12-19T22:47:46Z