https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430303#M9879 <P>Out of curiosity, were you applying this workaround?:<BR /><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Protection_and_Security/SnapCenter/SnapCenter_Plug-in_for_VMware_vSphere__-_CVE-2021-4428_Apache_Log4j_Vulnerability_-_Workaround" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Protection_and_Security/SnapCenter/SnapCenter_Plug-in_for_VMware_vSphere__-_CVE-2021-4428_Apache_Log4j_Vulnerability_-_Workaround</A></P> Mon, 20 Dec 2021 17:03:27 GMT colsen 2021-12-20T17:03:27Z https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430038#M9875 <P>NetApp's list of affected/not affected products is available here:</P><P><A href="https://security.netapp.com/advisory/ntap-20211210-0007/" target="_blank">CVE-2021-44228 Apache Log4j Vulnerability in NetApp Products | NetApp Product Security</A></P><P>&nbsp;</P><P>At this moment, here is the list of Affected Products:</P><UL><LI>Brocade SAN Navigator (SANnav)</LI><LI>Cloud Manager</LI><LI>ONTAP Tools for VMware vSphere</LI><LI>SnapCenter Plug-in for VMware vSphere</LI></UL> Wed, 04 Jun 2025 10:07:39 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430038#M9875 Blissitt 2025-06-04T10:07:39Z https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430039#M9876 <P>As far as the snapcenter plug-in. After completing the workaround that vmware provided for the vcenter 7, my snapcenter would no longer deploy. I implemented the workaround for the snapcenter and the plug in still wont deploy on the snapcenter. Any ideas or suggestions?</P><P>&nbsp;</P><P><SPAN>&nbsp;</SPAN><SPAN class="">Error deploying plug-in. org.apache.felix.resolver.reason.ReasonException: Unable to resolve /usr/lib/vmware-vsphere-ui/server/work/tmp/8066464305686214632com.netapp.scvm.webclient-4.5.0.6025788.esa/scvm_webui_service.jar: missing requirement org.apache.aries.subsystem.core.archive.ImportPackageRequirement: namespace=osgi.wiring.package, attributes={}, directives={filter=(&amp;(osgi.wiring.package=org.springframework.web.servlet.view.velocity)(version&gt;=0.0.0)), resolution=mandatory, uses=javax.servlet,javax.servlet.http,org.apache.velocity,org.apache.velocity.app,org.apache.velocity.context,org.apache.velocity.exception,org.apache.velocity.tools.generic,org.springframework.beans,org.springframework.beans.factory,org.springframework.context,org.springframework.ui.velocity,org.springframework.web.context,org.springframework.web.servlet.view}, resource=/usr/lib/vmware-vsphere-ui/server/work/tmp/8066464305686214632com.netapp.scvm.webclient-4.5.0.6025788.esa/scvm_webui_service.jar org.apache.felix.resolver.Candidates$MissingRequirementError.toException(Candidates.java:1340) org.apache.felix.resolver.Candidates$MissingRequirementError.toException(Candidates.java:1341) org.apache.felix.resolver.ResolverImpl.doResolve(ResolverImpl.java:433) org.apache.felix.resolver.ResolverImpl.resolve(ResolverImpl.java:420) org.apache.felix.resolver.ResolverImpl.resolve(ResolverImpl.java:413)</SPAN></P> Mon, 13 Dec 2021 23:30:41 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430039#M9876 IA-joesmith 2021-12-13T23:30:41Z https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430072#M9877 <P>I am missing&nbsp;Virtual Storage Console (VSC, VASA Provider, and SRA virtual appliance) from the list.<BR />Does it have a different name on the list?</P> Tue, 14 Dec 2021 20:12:57 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430072#M9877 vcon 2021-12-14T20:12:57Z https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430075#M9878 <P>The new product name is ONTAP Tools for VMware vSphere (at this moment, version 9.8P1, which may or may not have Log4j fixes - you'll have to check).&nbsp; It's the same product as&nbsp;Virtual Storage Console for VMware vSphere, but with some bug fixes and a better name.&nbsp; Unfortunately, NetApp didn't sufficiently advertise this change and I kept running the old 9.7 version until I lost five VMs on one of my vVols, likely due to those bugs which have since been addressed.&nbsp; I have since removed ONTAP Tools for VMware vSphere from my environment because VAAI now provides the Native Snapshots I wanted and I no longer needed vVols.&nbsp; I also wanted to reduce complexity.</P><P>&nbsp;</P><P>The upgrade from 9.7 to 9.8 was uneventful for me and the new version worked well while I ran it.&nbsp; If you want to upgrade to 9.8P1, maybe make sure that 9.8P1 is not "older" (by date) than the version you're upgrading from.</P> Tue, 14 Dec 2021 20:43:36 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430075#M9878 Blissitt 2021-12-14T20:43:36Z https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430303#M9879 <P>Out of curiosity, were you applying this workaround?:<BR /><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Protection_and_Security/SnapCenter/SnapCenter_Plug-in_for_VMware_vSphere__-_CVE-2021-4428_Apache_Log4j_Vulnerability_-_Workaround" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Protection_and_Security/SnapCenter/SnapCenter_Plug-in_for_VMware_vSphere__-_CVE-2021-4428_Apache_Log4j_Vulnerability_-_Workaround</A></P> Mon, 20 Dec 2021 17:03:27 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430303#M9879 colsen 2021-12-20T17:03:27Z https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430874#M9882 <P>This is the affected products below:</P><H4>Affected Products</H4><UL><LI>Active IQ Unified Manager for Linux</LI><LI>Active IQ Unified Manager for Microsoft Windows</LI><LI>Active IQ Unified Manager for VMware vSphere</LI><LI>Brocade SAN Navigator (SANnav)</LI><LI>Cloud Insights Acquisition Unit</LI><LI>Cloud Manager</LI><LI>Cloud Secure Agent</LI><LI>NetApp SolidFire, Enterprise SDS &amp; HCI Storage Node (Element Software)</LI><LI>ONTAP Tools for VMware vSphere</LI><LI>OnCommand Insight</LI><LI>SnapCenter Plug-in for VMware vSphere</LI></UL><P>Can anyone confirm if FAS2650 - Release 9.2P1 is part of it? I don't know which product it belongs to.</P> Thu, 13 Jan 2022 07:08:04 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430874#M9882 jcj112516 2022-01-13T07:08:04Z https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430894#M9883 <P>That's part of:</P><P>Clustered Data ONTAP</P><P>Which is not affected</P><P>&nbsp;</P> Thu, 13 Jan 2022 16:03:23 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/CVE-2021-44228-Apache-Log4j-Vulnerability-in-NetApp-Products/m-p/430894#M9883 bretta 2022-01-13T16:03:23Z