Patch configured bladelogic

If you do not have the latest files, then your network infrastructure might be using a web accelerator with cached content, and this could be the root cause of the issue. In multi-Role organizations that heavily utilize ACL Templates and Policies, it is possible to misconfigure so that the Role performing the Patch Analysis Job or simply looking inside of the Catalog does not see the expected patch. To validate that the patch actually exists in the Catalog, but does not have correct authorizations, check for the patch via RBACAdmin.

If the patch is found with incorrect authorizations, then this is the root cause of the problem and chances are that additional patches have the same issue. The root cause of why the incorrect authorizations existed will need to be reviewed separately. If your issue is still not resolved, collect the following information and file a ticket with BMC Support:.

Recently Viewed Pages. Hint: type "g" and then "r" to quickly open this menu. Server Automation Documentation. BMC is ready to help you.

Please send an inquiry via the appropriate links below. Knowledge Article Article Number. Old Article Number. Article Type. Solutions to a Product Problem. TrueSight Server Automation Suite. Applies to. If the patch does not show up in either of the above, then review the Remediation Job the job that generates the BlPackage and Deploy Job from the analysis results and see if there are any errors or any indication that the patch in question was added to the BlPackage.

If the patch was deployed to the target server then check if the server rebooted - some patches will require a reboot to show as installed. If they include the JndiLookup class, then they probably should. If in doubt, I'd patch. You could also reach out to Apache for input from their developers. If you haven't been reviewing this site, this would be a good place to start.

Is it possible to close the Vulnerability with a workaround sooner? Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability. How can I remove the JndiLookup. For Products which do not yet have Patches or procedures are available, the following steps demonstrate how to identify Log4j JAR files and the commands to remove the "JndiLookup.

NOTE: The following commands demonstrate the process on Linux, though similar procedures could be implemented on Windows. Implementation-Title: Apache Log4j 1. Remove the "JndiLookup. The following command will remove the "JndiLookup. The following command will automatically remove the "JndiLookup. NOTE: This command also creates a backup copy of each JAR file, but the following step can be optionally run to remove these backup copies.

Puja Kumari The team is in the process of getting updates and verifying. If you have an attachment such as a screenshot or other documentation that may be helpful, add it here. Allowed file types: All File types. Dec 16, KB pdf. Dec 16, 10 KB png. Dec 16, KB png. This content is only visible in Builder, but necessary to trigger the 'Ask a Question' modal. Impacted On-prem products Note: Please ensure that you are logged in to access the fixes and workarounds.

Sort by:. Search this feed Skip Feed View This Post. Log In to Comment. View This Post. This content is a preview of a link. Marcos Gonzalez likes this.