For our SDM 17.1.0.11 instance for Step 2. of
CVE-2021-44228 - log4j Vulnerability in CA Service Desk Manager inside "$NX_ROOT\pdmconf\pdm_startup.i" I don't see a macro titled SDM_TELEMETRY, however this command is present in 5 other macros RPC_SRVR, PDM_MAILEATER_NXD, PDM_CATALOG_SYNC, PDM_XMATTERS_SYNC & PDM_HW_NXD
command = "$NX_JRE_INSTALL_DIR/bin/java -Djava.net.preferIPv4Stack=false
Step.3 for AMS isn't relevant for us either, as "
$NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\AMS\WEB-INF\classes\log4j2.xml" doesn't exist.
Steps for our SDM 17.1.0.11 Windows Instance appear to be.
1. Open
$NX_ROOT\site\cfg\sdmp.log4j.properties and find and replace
%msg%n
with
%msg{nolookups}%n
2. Open $NX_ROOT\site\cfg\sdmp.log4j.properties.tpl and find and replace
%msg%n
with
%msg{nolookups}%n
3. Open $NX_ROOT\bin\sdmp.bat and find and replace
"%NX_JRE_INSTALL_DIR%/bin/java" -cp %LIB%/sdmp.jar
with
"%NX_JRE_INSTALL_DIR%/bin/java" -Dlog4j2.formatMsgNoLookups=true -cp %LIB%/sdmp.jar
4. Open NX_ROOT\java\lib\log4j-core-2.3.jar with 7-Zip (As Admistrator) and delete
JndiLookup.class from org/apache/logging/log4j/core/lookup