LoginSignup
1
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 3 years have passed since last update.

@ama7650(ama7650)

vCenter Server 6.5 (Windows版)で vc_log4j_mitigator.py を実行した結果

Posted at 
c:\>"%VMWARE_PYTHON_PATH%" vc_log4j_mitigator.py -r
2021-12-23T15:11:29 INFO main: Script version: 1.6.0
2021-12-23T15:11:29 INFO main: vCenter type: Version: 6.5.0.64300; Build: 15259038; Deployment type: embedded; Gateway: False; VCHA: False; Windows: True;
2021-12-23T15:11:29 INFO main: Running in dryrun mode.
2021-12-23T15:11:32 INFO process_jar: Found a VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\cm\lib\log4j-core.jar
2021-12-23T15:11:34 INFO process_jar: Found a VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\common-jars\log4j-core-2.11.2.jar
2021-12-23T15:11:46 INFO process_jar: Found a VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\log4j-core-2.11.2.jar
2021-12-23T15:11:47 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpre_owb\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:11:47 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\afd.war
2021-12-23T15:11:48 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmprnbtdi\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:11:48 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\idm.war
2021-12-23T15:11:49 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpca9utk\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:11:49 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\lookupservice.war
2021-12-23T15:11:50 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmptkeimi\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:11:50 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\openidconnect.war
2021-12-23T15:11:51 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpp9z8o3\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:11:51 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sso-adminserver.war
2021-12-23T15:11:53 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpjeqf4q\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:11:54 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sts.war
2021-12-23T15:11:55 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpcftjgb\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:11:55 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\websso.war
2021-12-23T15:12:08 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmp3kveld\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:09 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd.war
2021-12-23T15:12:09 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpy7rgrz\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:10 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm.war
2021-12-23T15:12:10 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpa5xhhv\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:10 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice.war
2021-12-23T15:12:11 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpsxq8cw\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:11 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect.war
2021-12-23T15:12:12 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmppgstse\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:13 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver.war
2021-12-23T15:12:14 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpf0ez_t\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:15 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts.war
2021-12-23T15:12:16 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpffxzmu\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:17 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso.war
2021-12-23T15:12:17 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:18 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:18 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:19 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:20 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:21 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:22 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cis-license.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cm.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\eam.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\mbcs.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\perfcharts.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\sps.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vapi-endpoint.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vdcs.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vmware-sca.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vpxd-svcs.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsm.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json
2021-12-23T15:12:53 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-ui.json
2021-12-23T15:12:53 INFO _patch_file: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf
2021-12-23T15:12:53 INFO patch_idmd: Found a VULNERABLE component:  RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\VMwareIdentityMgmtService\Parameters\Java
2021-12-23T15:12:53 INFO _patch_file: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf
2021-12-23T15:12:53 INFO print_summary:
=====     Summary     =====
List of vulnerable java archive files:

C:\Program Files\VMware\vCenter Server\cm\lib\log4j-core.jar
C:\Program Files\VMware\vCenter Server\common-jars\log4j-core-2.11.2.jar
C:\Program Files\VMware\vCenter Server\VMware Identity Services\log4j-core-2.11.2.jar
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\afd.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\idm.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\lookupservice.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\openidconnect.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sso-adminserver.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sts.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\websso.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\WEB-INF\lib\log4j-core-2.11.2.jar

List of vulnerable configuration files:

C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cis-license.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cm.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\eam.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\mbcs.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\perfcharts.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\sps.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vapi-endpoint.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vdcs.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vmware-sca.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vpxd-svcs.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsm.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-ui.json
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf
RegKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\VMwareIdentityMgmtService\Parameters\Java
C:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf

Total found: 40
Log file: C:\ProgramData\VMware\vCenterServer\logs\vmsa-2021-0028_2021_12_23_06_11_29.log
===========================
2021-12-23T15:12:53 INFO main: Done.

c:\>"%VMWARE_PYTHON_PATH%" vc_log4j_mitigator.py
2021-12-23T15:21:12 INFO main: Script version: 1.6.0
2021-12-23T15:21:12 INFO main: vCenter type: Version: 6.5.0.64300; Build: 15259038; Deployment type: embedded; Gateway: False; VCHA: False; Windows: True;
A service stop and start is required to complete this operation.  Continue?[y]y
2021-12-23T15:21:15 INFO stop: stopping services
2021-12-23T15:24:16 INFO process_jar: Found a VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\cm\lib\log4j-core.jar
2021-12-23T15:24:16 INFO backup_file: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\cm\lib\log4j-core.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\cm\lib\log4j-core.jar.bak
2021-12-23T15:24:16 INFO process_jar: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\cm\lib\log4j-core.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\cm\lib\log4j-core.jar.bak
2021-12-23T15:24:17 INFO process_jar: Found a VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\common-jars\log4j-core-2.11.2.jar
2021-12-23T15:24:17 INFO backup_file: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\common-jars\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\common-jars\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:17 INFO process_jar: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\common-jars\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\common-jars\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:19 INFO process_jar: Found a VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\log4j-core-2.11.2.jar
2021-12-23T15:24:19 INFO backup_file: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:19 INFO process_jar: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:20 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmprjxspj\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:20 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmprjxspj\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmprjxspj\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:21 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\afd.war
2021-12-23T15:24:21 INFO backup_file: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\afd.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\afd.war.bak
2021-12-23T15:24:21 INFO process_war: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\afd.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\afd.war.bak
2021-12-23T15:24:21 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpnmmdtj\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:21 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpnmmdtj\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmpnmmdtj\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:22 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\idm.war
2021-12-23T15:24:22 INFO backup_file: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\idm.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\idm.war.bak
2021-12-23T15:24:22 INFO process_war: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\idm.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\idm.war.bak
2021-12-23T15:24:23 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmp85bdbz\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:23 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmp85bdbz\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmp85bdbz\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:24 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\lookupservice.war
2021-12-23T15:24:24 INFO backup_file: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\lookupservice.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\lookupservice.war.bak
2021-12-23T15:24:24 INFO process_war: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\lookupservice.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\lookupservice.war.bak
2021-12-23T15:24:24 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmp1nuf7j\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:24 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmp1nuf7j\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmp1nuf7j\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:25 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\openidconnect.war
2021-12-23T15:24:25 INFO backup_file: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\openidconnect.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\openidconnect.war.bak
2021-12-23T15:24:25 INFO process_war: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\openidconnect.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\openidconnect.war.bak
2021-12-23T15:24:26 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpb3ncuo\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:26 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpb3ncuo\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmpb3ncuo\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:27 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sso-adminserver.war
2021-12-23T15:24:27 INFO backup_file: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sso-adminserver.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sso-adminserver.war.bak
2021-12-23T15:24:27 INFO process_war: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sso-adminserver.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sso-adminserver.war.bak
2021-12-23T15:24:29 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpyqy8aa\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:29 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpyqy8aa\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmpyqy8aa\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:30 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sts.war
2021-12-23T15:24:30 INFO backup_file: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sts.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sts.war.bak
2021-12-23T15:24:30 INFO process_war: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sts.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sts.war.bak
2021-12-23T15:24:31 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpa0gz2y\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:31 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpa0gz2y\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmpa0gz2y\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:32 INFO process_war: Found a VULNERABLE WAR file with: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\websso.war
2021-12-23T15:24:32 INFO backup_file: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\websso.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\websso.war.bak
2021-12-23T15:24:33 INFO process_war: VULNERABLE FILE: C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\websso.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\websso.war.bak
2021-12-23T15:24:39 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpwpitbh\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:39 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpwpitbh\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmpwpitbh\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:40 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd.war
2021-12-23T15:24:40 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd.war.bak
2021-12-23T15:24:40 INFO process_war: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd.war.bak
2021-12-23T15:24:41 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpddcxti\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:41 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpddcxti\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmpddcxti\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:41 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm.war
2021-12-23T15:24:41 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm.war.bak
2021-12-23T15:24:41 INFO process_war: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm.war.bak
2021-12-23T15:24:42 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpkz9v4r\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:42 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpkz9v4r\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmpkz9v4r\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:42 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice.war
2021-12-23T15:24:42 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice.war.bak
2021-12-23T15:24:43 INFO process_war: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice.war.bak
2021-12-23T15:24:43 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpjzwpoc\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:43 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpjzwpoc\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmpjzwpoc\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:43 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect.war
2021-12-23T15:24:43 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect.war.bak
2021-12-23T15:24:44 INFO process_war: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect.war.bak
2021-12-23T15:24:45 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmppyoo0q\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:45 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmppyoo0q\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmppyoo0q\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:45 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver.war
2021-12-23T15:24:46 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver.war.bak
2021-12-23T15:24:46 INFO process_war: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver.war.bak
2021-12-23T15:24:47 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmphfzpmz\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:47 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmphfzpmz\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmphfzpmz\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:48 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts.war
2021-12-23T15:24:48 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts.war.bak
2021-12-23T15:24:49 INFO process_war: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts.war.bak
2021-12-23T15:24:50 INFO process_jar: Found a VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpoygijn\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:50 INFO backup_file: VULNERABLE FILE: c:\users\admini~1\appdata\local\temp\tmpoygijn\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\users\admini~1\appdata\local\temp\tmpoygijn\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:51 INFO process_war: Found a VULNERABLE WAR file with: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso.war
2021-12-23T15:24:51 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso.war.bak
2021-12-23T15:24:51 INFO process_war: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso.war backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso.war.bak
2021-12-23T15:24:52 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:52 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:52 INFO process_jar: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:52 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:52 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:52 INFO process_jar: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:53 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:53 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:53 INFO process_jar: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:53 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:53 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:53 INFO process_jar: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:53 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:53 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:54 INFO process_jar: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:54 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:54 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:54 INFO process_jar: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:54 INFO process_jar: Found a VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\WEB-INF\lib\log4j-core-2.11.2.jar
2021-12-23T15:24:54 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:24:54 INFO process_jar: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\WEB-INF\lib\log4j-core-2.11.2.jar backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\WEB-INF\lib\log4j-core-2.11.2.jar.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cis-license.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cis-license.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cis-license.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cm.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cm.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cm.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\eam.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\eam.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\eam.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\mbcs.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\mbcs.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\mbcs.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\perfcharts.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\perfcharts.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\perfcharts.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\sps.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\sps.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\sps.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vapi-endpoint.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vapi-endpoint.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vapi-endpoint.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vdcs.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vdcs.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vdcs.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vmware-sca.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vmware-sca.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vmware-sca.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vpxd-svcs.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vpxd-svcs.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vpxd-svcs.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsm.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsm.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsm.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json.bak
2021-12-23T15:25:14 INFO patch_vmon_confs: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-ui.json
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-ui.json backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-ui.json.bak
2021-12-23T15:25:14 INFO _patch_file: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf.bak
2021-12-23T15:25:14 INFO patch_idmd: Found a VULNERABLE component:  RegKey HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\VMwareIdentityMgmtService\Parameters\Java
2021-12-23T15:25:14 INFO patch_idmd: VULNERABLE REGKEY: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\VMwareIdentityMgmtService\Parameters\Java backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\IDMD_REG_BACKUP
2021-12-23T15:25:14 INFO _patch_file: Found VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf
2021-12-23T15:25:14 INFO backup_file: VULNERABLE FILE: C:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf backed up to c:\users\admini~1\appdata\local\temp\tmp9qo6a1\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf.bak
2021-12-23T15:25:14 INFO print_summary:
=====     Summary     =====
Backup Directory: c:\users\admini~1\appdata\local\temp\tmp9qo6a1
List of processed java archive files:

C:\Program Files\VMware\vCenter Server\cm\lib\log4j-core.jar
C:\Program Files\VMware\vCenter Server\common-jars\log4j-core-2.11.2.jar
C:\Program Files\VMware\vCenter Server\VMware Identity Services\log4j-core-2.11.2.jar
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\afd.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\idm.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\lookupservice.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\openidconnect.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sso-adminserver.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\sts.war
C:\Program Files\VMware\vCenter Server\VMware Identity Services\Tomcat\web-apps\websso.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso.war
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\afd\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\idm\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\lookupservice\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\openidconnect\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sso-adminserver\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\sts\WEB-INF\lib\log4j-core-2.11.2.jar
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\WEB-INF\lib\log4j-core-2.11.2.jar

List of processed configuration files:

C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cis-license.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\cm.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\eam.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\mbcs.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\perfcharts.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\sps.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vapi-endpoint.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vdcs.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vmware-sca.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vpxd-svcs.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsm.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-ui.json
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf
RegKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\VMwareIdentityMgmtService\Parameters\Java
C:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf

Total fixed: 40

    NOTE: Running this script again with the --dryrun
    flag should now yield 0 vulnerable files.

Log file: C:\ProgramData\VMware\vCenterServer\logs\vmsa-2021-0028_2021_12_23_06_21_12.log
===========================
2021-12-23T15:25:14 INFO start: starting services
2021-12-23T15:30:47 INFO main: Done.

c:\>"%VMWARE_PYTHON_PATH%" vc_log4j_mitigator.py -r
2021-12-23T15:32:14 INFO main: Script version: 1.6.0
2021-12-23T15:32:14 INFO main: vCenter type: Version: 6.5.0.64300; Build: 15259038; Deployment type: embedded; Gateway: False; VCHA: False; Windows: True;
2021-12-23T15:32:14 INFO main: Running in dryrun mode.
2021-12-23T15:33:04 INFO print_summary:
=====     Summary     =====

No vulnerable files found!

Total found: 0
Log file: C:\ProgramData\VMware\vCenterServer\logs\vmsa-2021-0028_2021_12_23_06_32_14.log
===========================
2021-12-23T15:33:04 INFO main: Done.
1
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
1
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?