PowerFlex 3.X: How To Remediate Apache Log4j Security Vulnerability In Gateway And Presentation Server

Summary: There is a security vulnerability in the log4j files that are contained on both the PowerFlex Gateway and Presentation Server. This article describes the steps to take to work around the issue. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Implement the following workaround on the PowerFlex Presentation server operating system:

Option 1:

  1. Download the .zip file "log4j-2.17.1-presentation_server_mitigation.zip " from the PowerFlex support site: https://www.dell.com/support/home/en-us/product-support/product/scaleio/drivers
Note: This requires login permissions to https://www.dell.com/support
  1. SSH to the presentation server and login with the relevant credentials Copy the .zip using SCP or WinSCP to the folder that you are logged into.
For RHEL or CentOS 6, 7, or 8, SLES15.x, and Ubuntu 18/20, use the below changes to mitigate this security vulnerability:
  • For PowerFlex 3.6 or 3.5, run the following steps:
    1. Check that the files are under the following location: ls /opt/emc/scaleio/mgmt-server/lib/ |grep log4.
    2. Run the following commands to remove: 
rm /opt/emc/scaleio/mgmt-server/lib/log4j-*
unzip log4j-2.17.1-presentation_server_mitigation.zip -d /opt/emc/scaleio/mgmt-server/lib
Note: if you do not have to unzip on the operating system you can use tar -xvf <zip file> or install unzip. 
chown mgmt-server /opt/emc/scaleio/mgmt-server/lib/log4j*
chgrp mgmt-server /opt/emc/scaleio/mgmt-server/lib/log4j*

After finishing the configuration steps:
  • If you are running on a system with SELinux enabled, run the following command:
restorecon -Fv /opt/emc/scaleio/mgmt-server/lib/log4j*

For PowerFlex 3.6 with RHEL 7.x or 8.x, SLES, and Ubuntu, follow the below step:
  1. Use the following command to restart the mgmt-server service (for all versions above):
systemctl restart mgmt-server
  • For PowerFlex 3.6 with RHEL 6.x, follow the below step:
    1. Use the following commands to restart the service:
initctl stop mgmt-server
initctl start mgmt-server
  • For PowerFlex 3.5 on RHEL 7.x or 8.x, follow the below steps:
  1. Use the following command to reload the daemon configuration files:
systemctl daemon-reload
  1. Use the following command to restart the mgmt-server service:
systemctl restart mgmt-server.service

This allows the parameter to be read in properly. If you restart the service without reloading the daemon configuration files, it uses what is in memory and you are not using the parameter change.
  • For PowerFlex 3.5 on RHEL 6.x, follow the below step:
    1. Use the following commands to restart the service:
initctl stop mgmt-server
initctl start mgmt-server

At this point, logging is still enabled, and the vulnerability is contained. The log4j files can also be moved or deleted on the presentation server as a different workaround, but this stops logging for the presentation server. All configuration changes are still logged with the MDM and the trace logs there.

Option 2:

  • Remove Log4j files from the operating system using the following steps:
Note: This option removes the presentation server logging capability, but the MDM event logging continues to function and register Cluster events.

Run the following command: 
rm -f /opt/emc/scaleio/mgmt-server/lib/log4j*

After finishing the configuration steps:
  • For PowerFlex 3.6 with RHEL 7.x or 8.x, follow the below step:
    1. Use the following command to restart the mgmt-server service (for all versions above):
systemctl restart mgmt-server
  • For PowerFlex 3.6 with RHEL 6.x, follow the below step:
    1. Use the following commands to restart the service:
initctl stop mgmt-server
initctl start mgmt-server
  • For PowerFlex 3.5 on RHEL 7.x or 8.x, follow the below steps:
    1. Use the following command to reload the daemon configuration files:
systemctl daemon-reload
  1. Use the following command to restart the mgmt-server service:
systemctl daemon-reload

This allows the new jar to be reloaded. If you restart the service without reloading the daemon configuration files, it uses what is in memory and you are not using the change.
  • For PowerFlex 3.5 on RHEL 6.x, follow the below step:
    1. Use the following commands to restart the service:
initctl stop mgmt-server
initctl start mgmt-server


At this point, logging is not enabled, and the vulnerability is contained.

Affected Products

PowerFlex rack, PowerFlex Appliance, PowerFlex Software
Article Properties
Article Number: 000194498
Article Type: How To
Last Modified: 19 Nov 2025
Version:  8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.