top of page

Experienced Technology Product Manager adept at steering success throughout the entire product lifecycle, from conceptualization to market delivery. Proficient in market analysis, strategic planning, and effective team leadership, utilizing data-driven approaches for ongoing enhancements.

  • Twitter
  • LinkedIn
White Background

Implementing workaround to remediate CVE-2021-44228 for vRealize LogInsight 8.2 - 8.6 versions

Updated: Jun 13, 2022


Here's the PDF document of the same instructions

CVE-2021-44228 vRealize LogInsight Workaround Implementation
Download PDF • 686KB


Note: The content of this blog is same as in KB: 87089 but with screenshots and expected outputs to make things easier



  • CVE-2021-44228 has been determined to be present in vRealize Log Insight 8.2 - 8.6 via the Apache Log4j open source component it ships

  • This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA), please review this document before continuing: CVE-2021-44228 - VMSA-2021-0028



  • The workarounds described in this document are meant to be a temporary solution only.

  • Upgrades documented in the aforementioned advisory should be applied to remediate CVE-2021-44228 when available



  • To apply the workaround for CVE-2021-44228 to vRealize Log Insight, perform the following steps:

For each vRealize Log Insight node:


Download and Copy the script or file to /tmp directory


SSH to the node or use Console by pressing Alt+F1 and login as root and then change or browse to /tmp where the script has been copied

cd /tmp


List the files to see script present


Run below command to make this executable

chmod +x /tmp/

Once executed , you would see that the permissions of the file change


Next step is to EXECUTE the script

root@li [ /tmp ]# ./ 

Hardening Log Insight appliance against CVE-2021-44228. For more information refer to: 

Patching Log Insight Java options: /etc/default/loginsight... SUCCESS 
Patching Cassandra Java options: /usr/lib/loginsight/application/lib/apache-cassandra-*/conf/jvm.options... SUCCESS 
Patching Tomcat Java options: /usr/lib/loginsight/application/3rd_party/apache-tomcat-*/bin/ SUCCESS 

ATTENTION: Please restart Log Insight service for the patch to take effect.


Once done perform a LogInsight service restart

service loginsight restart 

Wait for few seconds till vRealize LogInsight is fully up


  • Since i have a standalone node for vRealize LogInsight , there was no need for me to upload and implement patch on other nodes. if there are multiple nodes in your environment then these steps have to be followed on each node one after another

  • Ensure the LogInsight services are completely up and running before proceeding to the next server



  • To verify the workaround for CVE-2021-44228 has been correctly applied to vRealize Log Insight, perform the following steps:

    1. Log into each node as root via SSH or Console, pressing ALT+F1 in a Console to log in

    2. Run the following command to verify if the workaround was successful:

ps axf | grep --color log4j2.formatMsgNoLookups | grep -v grep

Note: There should be a output from the above command.

If there was no output on any particular node(s), that node(s) was not successfully modified

Re-run the script on that node(s) following the instructions above


101 views0 comments


Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page