Aruba Networks

[luke-hampson]

Customer managed Orchestrator and legacy GMS products are affected

https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf

Corrective Actions:

1. SSH to the Orchestrator virtual machine and log in as the admin user.
2. Change to the /home/gms/gms directory.
3. Open the file named “gmsserver” for editing.
4. Locate the line that starts with: exec $JAVA_HOME/bin/java
5. Add the text below just before com.silverpeak.gms.server.VistaPointServer

-Dlog4j.formatMsgNoLookups=true

6. Save and Reboot