CVE-2021-44228 vulnerability affects multiple VMware products

Recently, VMware has issued a security notice to alert that many VMware products are affected by the Apache Log4j2 remote code execution vulnerability (CVE-2021-44228). Because some functions of Apache Log4j2 have recursive parsing functions, unauthenticated attackers can execute arbitrary code in the affected VMware products by sending specially constructed data request packets. The PoC of the CVE-2021-44228 vulnerability has been made public and has been exploited in the wild.

Impacted Products (Under Evaluation)

VMware Horizon

VMware vCenter Server

VMware HCX

VMware NSX-T Data Center

VMware Unified Access Gateway

VMware WorkspaceOne Access

VMware Identity Manager

VMware vRealize Operations

VMware vRealize Operations Cloud Proxy

VMware vRealize Automation

VMware vRealize Lifecycle Manager

VMware Site Recovery Manager, vSphere Replication

VMware Carbon Black Cloud Workload Appliance

VMware Carbon Black EDR Server

VMware Tanzu GemFire

VMware Tanzu Greenplum

VMware Tanzu Operations Manager

VMware Tanzu Application Service for VMs

VMware Tanzu Kubernetes Grid Integrated Edition

VMware Tanzu Observability by Wavefront Nozzle

Healthwatch for Tanzu Application Service

Spring Cloud Services for VMware Tanzu

Spring Cloud Gateway for VMware Tanzu

Spring Cloud Gateway for Kubernetes

API Portal for VMware Tanzu

Single Sign-On for VMware Tanzu Application Service

App Metrics

VMware vCenter Cloud Gateway

VMware vRealize Orchestrator

VMware Cloud Foundation

VMware Workspace ONE Access Connector

VMware Horizon DaaS

VMware Horizon Cloud Connector

VMware NSX Data Center for vSphere

VMware AppDefense Appliance

VMware Cloud Director Object Storage Extension

VMware Telco Cloud Operations

VMware vRealize Log Insight

VMware Tanzu Scheduler

VMware Smart Assurance NCM

VMware Smart Assurance SAM [Service Assurance Manager]

VMware Integrated OpenStack

VMware vRealize Business for Cloud

(Additional products will be added)

At present, VMware has released a new version for the following products to fix the vulnerability, please affected users to upgrade the version as soon as possible, the download link and document of the corresponding product version are as follows:

VMware Product	Information
VMware Horizon 8.x, 7.x	https://kb.vmware.com/s/article/87073
VMware vCenter Server 7.x, 6.x	https://kb.vmware.com/s/article/87081
VMware HCX 4.x, 3.x	https://kb.vmware.com/s/article/86169
VMware NSX-T Data Center 3.x, 2.x	https://kb.vmware.com/s/article/87086
VMware Unified Access Gateway 21.x, 20.x, 3.x	https://kb.vmware.com/s/article/87092
VMware Workspace ONE Access 21.x, 20.10.x	https://kb.vmware.com/s/article/87090
VMware Identity Manager 3.3.x	https://kb.vmware.com/s/article/87093
VMware vRealize Operations 8.x	https://kb.vmware.com/s/article/87076
VMware vRealize Operations Cloud Proxy Any	https://kb.vmware.com/s/article/87080
VMware vRealize Log Insight 8.x	https://kb.vmware.com/s/article/87089
VMware Carbon Black Cloud Workload Appliance 1.x	https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-VMware-Carbon-Black-Cloud/ta-p/109167
VMware Carbon Black EDR Server 7.x, 6.x	https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-VMware-Carbon-Black-EDR/ta-p/109168
VMware Tanzu GemFire 9.x, 8.x	https://community.pivotal.io/s/article/Workaround-to-address-CVE-2021-44228-Apache-Log4j-Remote-Code-Execution-for-all-GemFire-versions
VMware Tanzu Greenplum 6.x	https://community.pivotal.io/s/article/Workaround-to-address-CVE-2021-44228-Apache-Log4j-Remote-Code-Execution-for-All-Greenplum-Versions
VMware Tanzu Operations Manager 2.x	https://community.pivotal.io/s/article/5004y00001mPn2N1639255611105
VMware Tanzu Application Service for VMs 2.x	https://community.pivotal.io/s/article/Workaround-instructions-to-address-CVE-2021-44228-in-Tanzu-Application-Service-2-7-through-2-12
VMware Tanzu Kubernetes Grid Integrated Edition 1.x	https://community.pivotal.io/s/article/Workaround-instructions-to-address-CVE-2021-44228-in-Tanzu-Kubernetes-Grid-Integrated
VMware Cloud Foundation4.x, 3.x	https://kb.vmware.com/s/article/87095
VMware Workspace ONE Access Connector (VMware Identity Manager Connector) 21.x, 20.10.x, 19.03.0.1	https://kb.vmware.com/s/article/87091
VMware Horizon DaaS 9.1.x, 9.0.x	https://kb.vmware.com/s/article/87101
VMware NSX Data Center for vSphere	https://kb.vmware.com/s/article/87099
VMware AppDefense Appliance	https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-AppDefense/ta-p/109180

Tags: vmware