DSA-2021-289: Dell EMC Cloud Disaster Recovery Security Update for Apache Log4j Remote Code Execution Vulnerability
Summary: Dell EMC Cloud Disaster Recovery remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Third-party Component | CVEs | More information |
| Apache Log4j | CVE-2021-44228 | Apache Log4j Remote Code Execution  |
| CVE-2021-45046 | ||
| CVE-2021-45105 | ||
| CVE-2021-44832 |
| Third-party Component | CVEs | More information |
| Apache Log4j | CVE-2021-44228 | Apache Log4j Remote Code Execution |
| CVE-2021-45046 | ||
| CVE-2021-45105 | ||
| CVE-2021-44832 |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-44228 CVE-2021-45046 |
Dell EMC Cloud Disaster Recovery |
19.6.x 19.7.x 19.8.x 19.9.x |
19.6.0.3 19.7.0.3 19.8.0.7 19.9.0.4 |
https://www.dell.com/support/home/en-in/product-support/product/data-domain-cloud-dr-for-avamar/drivers |
| CVE-2021-45105 CVE-2021-44832 |
19.6.x 19.7.x 19.8.x 19.9.x |
19.8.0.7 19.9.0.4 |
Note: Dell Technologies strongly recommends customers to upgrade to CDR versions 19.9.0.4 and 19.8.0.7 to leverage the latest Log4J fixes.
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-44228 CVE-2021-45046 |
Dell EMC Cloud Disaster Recovery |
19.6.x 19.7.x 19.8.x 19.9.x |
19.6.0.3 19.7.0.3 19.8.0.7 19.9.0.4 |
https://www.dell.com/support/home/en-in/product-support/product/data-domain-cloud-dr-for-avamar/drivers |
| CVE-2021-45105 CVE-2021-44832 |
19.6.x 19.7.x 19.8.x 19.9.x |
19.8.0.7 19.9.0.4 |
Note: Dell Technologies strongly recommends customers to upgrade to CDR versions 19.9.0.4 and 19.8.0.7 to leverage the latest Log4J fixes.
Workarounds & Mitigations
Workarounds and Mitigations provided below are applicable only for versions 19.6.0.3 and 19.7.0.3.
For CDRA - On premise virtual machine:
-
SSH to CDRA VM using cdr user.
- Create cdra_log4jfix.sh in /tmp/ directory with the following content:
#! /bin/sh
cdr_backup()
{
mkdir -p /tmp/cdr_backup
cp /home/cdr/cdra/lib/cdra_main.jar /tmp/cdr_backup/cdra_main.jar.bak
cp /home/cdr/cdra/resources/restore/restore_vm.jar /tmp/cdr_backup/restore_vm.jar.bak
}
update_executable()
{
echo "Updating CDRA executable."
sed -i 's/=CDRS/=CDRS -Dlog4j2.formatMsgNoLookups=true/g' /home/cdr/cdra/executable
}
update_restore_vm()
{
echo "Updating restore_vm.jar."
cd /home/cdr/cdra/resources/restore
zip -q -d restore_vm.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
zip -q -d restore_vm.jar shadow/org/apache/logging/log4j/core/lookup/JndiLookup.class
}
update_cdra_main()
{
echo "Updating cdra_main.jar."
LOG4J_JAR_FILE_LOCATION=BOOT-INF/lib/log4j-core-2.13.2.jar
echo "Stopping CDR service."
sudo service cdra stop
cd /home/cdr/cdra/lib/
mkdir -p BOOT-INF/lib
unzip -p cdra_main.jar $LOG4J_JAR_FILE_LOCATION > $LOG4J_JAR_FILE_LOCATION
zip -q -d $LOG4J_JAR_FILE_LOCATION org/apache/logging/log4j/core/lookup/JndiLookup.class
zip -u -0 -n *.jar cdra_main.jar $LOG4J_JAR_FILE_LOCATION
rm -rf BOOT-INF
echo "Starting CDR service. This may take a few minutes."
sudo service cdra start
for i in {1..10}
do
sleep 30
echo "Checking CDR service status..."
RESP_CODE=$(curl -kfsL -o /dev/null -w '%{http_code}' -X GET https://localhost/rest/cdr-version -H "accept: application/json")
if [[ "$RESP_CODE" == 200 ]]; then
echo "CDR service started successfully."
return 0
fi
done
echo "Failed to run CDR service. Please contact Dell Support."
exit 1
}
main()
{
CDR_VER=$(curl -s -X GET https://localhost/rest/cdr-version -H "accept: application/json" -k)
echo "CDR version is : $CDR_VER"
if [[ $CDR_VER =~ 19\.[6-9] ]]; then
cdr_backup
update_executable
update_restore_vm
update_cdra_main
else
echo "log4j workaround is required only for CDR versions between 19.6 and 19.9."
exit 0
fi
rm -rf /tmp/cdr_backup
}
main
cdr_backup()
{
mkdir -p /tmp/cdr_backup
cp /home/cdr/cdra/lib/cdra_main.jar /tmp/cdr_backup/cdra_main.jar.bak
cp /home/cdr/cdra/resources/restore/restore_vm.jar /tmp/cdr_backup/restore_vm.jar.bak
}
update_executable()
{
echo "Updating CDRA executable."
sed -i 's/=CDRS/=CDRS -Dlog4j2.formatMsgNoLookups=true/g' /home/cdr/cdra/executable
}
update_restore_vm()
{
echo "Updating restore_vm.jar."
cd /home/cdr/cdra/resources/restore
zip -q -d restore_vm.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
zip -q -d restore_vm.jar shadow/org/apache/logging/log4j/core/lookup/JndiLookup.class
}
update_cdra_main()
{
echo "Updating cdra_main.jar."
LOG4J_JAR_FILE_LOCATION=BOOT-INF/lib/log4j-core-2.13.2.jar
echo "Stopping CDR service."
sudo service cdra stop
cd /home/cdr/cdra/lib/
mkdir -p BOOT-INF/lib
unzip -p cdra_main.jar $LOG4J_JAR_FILE_LOCATION > $LOG4J_JAR_FILE_LOCATION
zip -q -d $LOG4J_JAR_FILE_LOCATION org/apache/logging/log4j/core/lookup/JndiLookup.class
zip -u -0 -n *.jar cdra_main.jar $LOG4J_JAR_FILE_LOCATION
rm -rf BOOT-INF
echo "Starting CDR service. This may take a few minutes."
sudo service cdra start
for i in {1..10}
do
sleep 30
echo "Checking CDR service status..."
RESP_CODE=$(curl -kfsL -o /dev/null -w '%{http_code}' -X GET https://localhost/rest/cdr-version -H "accept: application/json")
if [[ "$RESP_CODE" == 200 ]]; then
echo "CDR service started successfully."
return 0
fi
done
echo "Failed to run CDR service. Please contact Dell Support."
exit 1
}
main()
{
CDR_VER=$(curl -s -X GET https://localhost/rest/cdr-version -H "accept: application/json" -k)
echo "CDR version is : $CDR_VER"
if [[ $CDR_VER =~ 19\.[6-9] ]]; then
cdr_backup
update_executable
update_restore_vm
update_cdra_main
else
echo "log4j workaround is required only for CDR versions between 19.6 and 19.9."
exit 0
fi
rm -rf /tmp/cdr_backup
}
main
- Run the following commands:
-
dos2unix /tmp/cdra_log4jfix.sh
-
chmod +x /tmp/cdra_log4jfix.sh
-
sudo /tmp/cdra_log4jfix.sh
For CDRS Deployed on cloud (AWS, AZURE, AWS GOV, or AZURE GOV)
-
Log in to the CDRS VM over SSH. For assistance in accessing CDRS over SSH, contact Dell Support.
- Create cdrs_log4jfix.sh in /tmp/ directory with the following content:
#! /bin/sh
cdr_backup()
{
mkdir -p /tmp/cdr_backup
cp /home/cdr/executable /tmp/cdr_backup/executable.bak
cp /home/cdr/resources/restore_service.tar.gz /tmp/cdr_backup/restore_service.tar.gz.bak
cp /home/cdr/lib/cdrs_main.jar /tmp/cdr_backup/cdrs_main.jar.bak
}
update_executable()
{
echo "Updating CDRS executable."
sed -i 's/=CDRS/=CDRS -Dlog4j2.formatMsgNoLookups=true/g' /home/cdr/executable
}
update_restore_service()
{
L_CDR_VER=$1
echo "Updating restore_service.jar."
BASE_PATH=/home/cdr/resources
cd $BASE_PATH
gunzip restore_service.tar.gz
tar -xvf restore_service.tar lib_${L_CDR_VER}/restore_service.jar
if [[ ${L_CDR_VER} =~ 19\.[6-9] ]]; then
zip -q -d lib_${L_CDR_VER}/restore_service.jar shadow/org/apache/logging/log4j/core/lookup/JndiLookup.class
fi
zip -q -d lib_${L_CDR_VER}/restore_service.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
tar --delete -f restore_service.tar lib_${L_CDR_VER}/restore_service.jar
tar -uf restore_service.tar lib_${L_CDR_VER}/restore_service.jar
rm -rf lib_${L_CDR_VER}
gzip restore_service.tar
}
update_cdrs_main()
{
echo "Updating cdrs_main.jar."
LOG4J_JAR_FILE_LOCATION=BOOT-INF/lib/log4j-core-2.13.2.jar
echo "Stopping CDR service."
sudo service cdrd stop
cd /home/cdr/lib/
mkdir -p BOOT-INF/lib
unzip -p cdrs_main.jar $LOG4J_JAR_FILE_LOCATION > $LOG4J_JAR_FILE_LOCATION
zip -q -d $LOG4J_JAR_FILE_LOCATION org/apache/logging/log4j/core/lookup/JndiLookup.class
zip -u -0 -n *.jar cdrs_main.jar $LOG4J_JAR_FILE_LOCATION
rm -rf BOOT-INF
echo "Starting CDR service. This may take a few minutes."
sudo service cdrd start
for i in {1..10}
do
sleep 30
echo "Checking CDR service status..."
RESP_CODE=$(curl -kfsL -o /dev/null -w '%{http_code}' -X GET https://localhost/rest/cdr-version -H "accept: application/json")
if [[ "$RESP_CODE" == 200 ]]; then
echo "CDR service started successfully."
return 0
fi
done
echo "Failed to run CDR service. Please contact Dell Support."
exit 1
}
main()
{
cdr_backup
CDR_VER=$(curl -s -X GET https://localhost/rest/cdr-version -H "accept: application/json" -k)
echo "CDR version is : $CDR_VER"
if [[ $CDR_VER =~ 19\.[6-9] ]]; then
update_executable
update_restore_service $CDR_VER
update_cdrs_main
elif ([[ $CDR_VER =~ 19\.[2-5] ]] || [[ $CDR_VER =~ 19\.1\.[0-9] ]]); then
update_restore_service $CDR_VER
else
echo "This script is applicable only for CDR versions between 19.1 and 19.9."
exit 1
fi
rm -rf /tmp/cdr_backup
}
main
-
Run the following commands:
- dos2unix /tmp/cdrs_log4jfix.sh
- chmod +x /tmp/cdrs_log4jfix.sh
- sudo /tmp/cdrs_log4jfix.sh
Revision History
| Revision | Date | Description |
| 1.0 | 2021-12-20 | Initial Release. |
| 2.0 | 2021-12-22 | Updated workaround |
| 3.0 | 2021-01-10 | Added CVE-2021-45105 |
| 4.0 | 2022-02-08 | Added CVE-2021-44832 |
Related Information
Legal Disclaimer
Affected Products
Cloud Disaster RecoveryArticle Properties
Article Number: 000194663
Article Type: Dell Security Advisory
Last Modified: 05 Nov 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.