Hello and welcome. This is Rebecca from the VX rail GSE team today. I'll be going through the knowledge base article for the VX rail security update for Apache log for J remote code execution vulnerability, CV E dash 2021-44228. We're going to start by navigating to the Dell support site and searching for our knowledge base article and we're gonna scroll down and today we're going to be looking at the VX rail work around. Please take time to read through this knowledge base article and note for the full mitigation for the VX rail.
It requires both the V CS a workaround as well as the VX rail workaround sign in using your support account and scroll down. Click on the attachment and you'll see it downloaded once complete. Please log in to the VCENTER Guey using administrator at vsphere dot local. We're going to begin this by taking an offline snapshot of the VX rail manager. So we're going to click power shutdown guest os once it's shut down, we're going to click snapshots, take snapshot, create as you can see down the bottom in the task bar create virtual machine snapshot completed.
We can also confirm this by right clicking on BXR manager, snapshots, manage snapshots and we can see our decent snapshot. Now, we're going to power the B XL manager back on once this is complete, we're going to open up a SSH session to the B XL manager using the Mystic Account today. I'm using Mobile X but you could also use Putty Su to root and you'll see that the text will change wet. I am going to SCP the file that we downloaded onto the B XL manager. Mobile X has SCP inbuilt to the application.
If you are using Putty, you could also use win SCP for the SCP service, then we're going to unzip the file and then we're going to change the permissions on it to give it execution permissions. And then we're going to run it using a dot and a slash with the file path. As we can see it is completed. And now we are going to go through the section of the KB to validate what we've done just to make sure that it all went through and that will be running each of these commands. And as you can see all of them came back with nothing, which is what we want. And if we're looking in this part of the KB, an example of an output for a jar file which is still impacted contains the impacted JND,
I look up dot class thank you for watching and have a wonderful day.
