CVE-2021-44228 vulnerability affects multiple VMware products

VMware has issued a security notice warning that many of its products are affected by the Apache Log4j2 remote code execution vulnerability (CVE-2021-44228). Because some Apache Log4j2 features parse their input recursively, an unauthenticated attacker can execute arbitrary code in an affected VMware product by sending specially constructed request data. A PoC for CVE-2021-44228 has been made public, and the vulnerability has been exploited in the wild.

Impacted Products (Under Evaluation)

  • VMware Horizon
  • VMware vCenter Server
  • VMware HCX
  • VMware NSX-T Data Center
  • VMware Unified Access Gateway
  • VMware Workspace ONE Access
  • VMware Identity Manager
  • VMware vRealize Operations
  • VMware vRealize Operations Cloud Proxy
  • VMware vRealize Automation
  • VMware vRealize Lifecycle Manager
  • VMware Site Recovery Manager, vSphere Replication
  • VMware Carbon Black Cloud Workload Appliance
  • VMware Carbon Black EDR Server
  • VMware Tanzu GemFire
  • VMware Tanzu Greenplum
  • VMware Tanzu Operations Manager
  • VMware Tanzu Application Service for VMs
  • VMware Tanzu Kubernetes Grid Integrated Edition
  • VMware Tanzu Observability by Wavefront Nozzle
  • Healthwatch for Tanzu Application Service
  • Spring Cloud Services for VMware Tanzu
  • Spring Cloud Gateway for VMware Tanzu
  • Spring Cloud Gateway for Kubernetes
  • API Portal for VMware Tanzu
  • Single Sign-On for VMware Tanzu Application Service
  • App Metrics
  • VMware vCenter Cloud Gateway
  • VMware vRealize Orchestrator
  • VMware Cloud Foundation
  • VMware Workspace ONE Access Connector
  • VMware Horizon DaaS
  • VMware Horizon Cloud Connector
  • VMware NSX Data Center for vSphere
  • VMware AppDefense Appliance
  • VMware Cloud Director Object Storage Extension
  • VMware Telco Cloud Operations
  • VMware vRealize Log Insight
  • VMware Tanzu Scheduler
  • VMware Smart Assurance NCM
  • VMware Smart Assurance SAM [Service Assurance Manager]
  • VMware Integrated OpenStack
  • VMware vRealize Business for Cloud
  • (Additional products will be added)

VMware has released new versions of the following products to fix the vulnerability. Affected users should upgrade as soon as possible. The download links and documentation for each product version are as follows:

| VMware Product | Information |
| --- | --- |
| VMware Horizon 8.x, 7.x | https://kb.vmware.com/s/article/87073 |
| VMware vCenter Server 7.x, 6.x | https://kb.vmware.com/s/article/87081 |
| VMware HCX 4.x, 3.x | https://kb.vmware.com/s/article/86169 |
| VMware NSX-T Data Center 3.x, 2.x | https://kb.vmware.com/s/article/87086 |
| VMware Unified Access Gateway 21.x, 20.x, 3.x | https://kb.vmware.com/s/article/87092 |
| VMware Workspace ONE Access 21.x, 20.10.x | https://kb.vmware.com/s/article/87090 |
| VMware Identity Manager 3.3.x | https://kb.vmware.com/s/article/87093 |
| VMware vRealize Operations 8.x | https://kb.vmware.com/s/article/87076 |
| VMware vRealize Operations Cloud Proxy Any | https://kb.vmware.com/s/article/87080 |
| VMware vRealize Log Insight 8.x | https://kb.vmware.com/s/article/87089 |
| VMware Carbon Black Cloud Workload Appliance 1.x | https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-VMware-Carbon-Black-Cloud/ta-p/109167 |
| VMware Carbon Black EDR Server 7.x, 6.x | https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-VMware-Carbon-Black-EDR/ta-p/109168 |
| VMware Tanzu GemFire 9.x, 8.x | https://community.pivotal.io/s/article/Workaround-to-address-CVE-2021-44228-Apache-Log4j-Remote-Code-Execution-for-all-GemFire-versions |
| VMware Tanzu Greenplum 6.x | https://community.pivotal.io/s/article/Workaround-to-address-CVE-2021-44228-Apache-Log4j-Remote-Code-Execution-for-All-Greenplum-Versions |
| VMware Tanzu Operations Manager 2.x | https://community.pivotal.io/s/article/5004y00001mPn2N1639255611105 |
| VMware Tanzu Application Service for VMs 2.x | https://community.pivotal.io/s/article/Workaround-instructions-to-address-CVE-2021-44228-in-Tanzu-Application-Service-2-7-through-2-12 |
| VMware Tanzu Kubernetes Grid Integrated Edition 1.x | https://community.pivotal.io/s/article/Workaround-instructions-to-address-CVE-2021-44228-in-Tanzu-Kubernetes-Grid-Integrated |
| VMware Cloud Foundation 4.x, 3.x | https://kb.vmware.com/s/article/87095 |
| VMware Workspace ONE Access Connector (VMware Identity Manager Connector) 21.x, 20.10.x, 19.03.0.1 | https://kb.vmware.com/s/article/87091 |
| VMware Horizon DaaS 9.1.x, 9.0.x | https://kb.vmware.com/s/article/87101 |
| VMware NSX Data Center for vSphere | https://kb.vmware.com/s/article/87099 |
| VMware AppDefense Appliance | https://kb.vmware.com/s/article/87099 |