Hello, everyone. This is from the GE team and I will go through the DS E 2021 265 with you today. It's talking about the Apache look for J remote code execution. VV, ce 2021 44228. VX rail manager is impacted by this vulnerability. And for full mitigation, you will need to apply workarounds for both P center and VX rail manager.
That's why in this TV, it's providing you with links to apply the work grounds in P center and VX rail. Today, we will talk a bit more about the V center side. If you click the link here, it will redirect you to VM. We QB 87081, please take a minute to read the entire key B before applying the workaround here. You can find the recommended way to apply the workaround for disability which is unified script.
The unified script is called VC look for J mitigator and this Python file can be downloaded from the attachments part in this KB. Mainly all you need to do is to download the script from here and use when S TB or any similar software to upload it to the V center, run it and validate the workaround has been applied directly and that's it. Let's see how it will work.
So we have logged normally to the uh the V external environment. We have. The first thing I will advise you to do is to take offline snapshot of the V center just to have a valid backup, we can revert to if needed. And I have used one CB to upload the script to the V center under attempt directory. We can see here the, the script just as an optional step.
You can see the impacted files in your V center using Python center. Look for jig to goodbye and dash R action. Keep it running for a while. It will take a minute or so and it will report how many files you have impact in your recent here. It says be found in back files. And the next step is to run the script without any option to actually do the er workaround.
We here say yes, it will run for a bit and I will pause it here and I will come back when it's all done. OK. So it took about five minutes to fully execute. And the next step here is to validate the workaround was done successfully by running the same script. But with the dashboard, a option, it will go through the files in the V center and validate the workaround was successfully done So this is the output we are looking for no vulnerable files er found and this means the workaround was successfully done.
The next step will be to validate the workaround was successfully done by running the same script using the dashboard option. It will take less time to validate the workaround and it should give us that the er no er files affect was found. Yes, this is the output we are looking for and after validating everything is good and the center is functioning well, we can remove this snapshot we took previously as it was still impacted by the ability. This includes our video for today.
Thank you very much for watching.