Recently, VMware has issued a security notice to alert that many VMware products are affected by the Apache Log4j2 remote code execution vulnerability (CVE-2021-44228). Because some functions of Apache Log4j2 have recursive parsing functions, unauthenticated attackers can execute arbitrary code in the affected VMware products by sending specially constructed data request packets. The PoC of the CVE-2021-44228 vulnerability has been made public and has been exploited in the wild.
Impacted Products (Under Evaluation)
- VMware Horizon
- VMware vCenter Server
- VMware HCX
- VMware NSX-T Data Center
- VMware Unified Access Gateway
- VMware WorkspaceOne Access
- VMware Identity Manager
- VMware vRealize Operations
- VMware vRealize Operations Cloud Proxy
- VMware vRealize Automation
- VMware vRealize Lifecycle Manager
- VMware Site Recovery Manager, vSphere Replication
- VMware Carbon Black Cloud Workload Appliance
- VMware Carbon Black EDR Server
- VMware Tanzu GemFire
- VMware Tanzu Greenplum
- VMware Tanzu Operations Manager
- VMware Tanzu Application Service for VMs
- VMware Tanzu Kubernetes Grid Integrated Edition
- VMware Tanzu Observability by Wavefront Nozzle
- Healthwatch for Tanzu Application Service
- Spring Cloud Services for VMware Tanzu
- Spring Cloud Gateway for VMware Tanzu
- Spring Cloud Gateway for Kubernetes
- API Portal for VMware Tanzu
- Single Sign-On for VMware Tanzu Application Service
- App Metrics
- VMware vCenter Cloud Gateway
- VMware vRealize Orchestrator
- VMware Cloud Foundation
- VMware Workspace ONE Access Connector
- VMware Horizon DaaS
- VMware Horizon Cloud Connector
- VMware NSX Data Center for vSphere
- VMware AppDefense Appliance
- VMware Cloud Director Object Storage Extension
- VMware Telco Cloud Operations
- VMware vRealize Log Insight
- VMware Tanzu Scheduler
- VMware Smart Assurance NCM
- VMware Smart Assurance SAM [Service Assurance Manager]
- VMware Integrated OpenStack
- VMware vRealize Business for Cloud
- (Additional products will be added)
At present, VMware has released a new version for the following products to fix the vulnerability, please affected users to upgrade the version as soon as possible, the download link and document of the corresponding product version are as follows:
| VMware Product |
Information |
| VMware Horizon 8.x, 7.x |
https://kb.vmware.com/s/article/87073 |
| VMware vCenter Server 7.x, 6.x |
https://kb.vmware.com/s/article/87081 |
| VMware HCX 4.x, 3.x |
https://kb.vmware.com/s/article/86169 |
| VMware NSX-T Data Center 3.x, 2.x |
https://kb.vmware.com/s/article/87086 |
| VMware Unified Access Gateway 21.x, 20.x, 3.x |
https://kb.vmware.com/s/article/87092 |
| VMware Workspace ONE Access 21.x, 20.10.x |
https://kb.vmware.com/s/article/87090 |
| VMware Identity Manager 3.3.x |
https://kb.vmware.com/s/article/87093 |
| VMware vRealize Operations 8.x |
https://kb.vmware.com/s/article/87076 |
| VMware vRealize Operations Cloud Proxy Any |
https://kb.vmware.com/s/article/87080 |
| VMware vRealize Log Insight 8.x |
https://kb.vmware.com/s/article/87089 |
| VMware Carbon Black Cloud Workload Appliance 1.x |
https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-VMware-Carbon-Black-Cloud/ta-p/109167 |
| VMware Carbon Black EDR Server 7.x, 6.x |
https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-VMware-Carbon-Black-EDR/ta-p/109168 |
| VMware Tanzu GemFire 9.x, 8.x |
https://community.pivotal.io/s/article/Workaround-to-address-CVE-2021-44228-Apache-Log4j-Remote-Code-Execution-for-all-GemFire-versions |
| VMware Tanzu Greenplum 6.x |
https://community.pivotal.io/s/article/Workaround-to-address-CVE-2021-44228-Apache-Log4j-Remote-Code-Execution-for-All-Greenplum-Versions |
| VMware Tanzu Operations Manager 2.x |
https://community.pivotal.io/s/article/5004y00001mPn2N1639255611105 |
| VMware Tanzu Application Service for VMs 2.x |
https://community.pivotal.io/s/article/Workaround-instructions-to-address-CVE-2021-44228-in-Tanzu-Application-Service-2-7-through-2-12 |
| VMware Tanzu Kubernetes Grid Integrated Edition 1.x |
https://community.pivotal.io/s/article/Workaround-instructions-to-address-CVE-2021-44228-in-Tanzu-Kubernetes-Grid-Integrated |
| VMware Cloud Foundation4.x, 3.x |
https://kb.vmware.com/s/article/87095 |
| VMware Workspace ONE Access Connector (VMware Identity Manager Connector) 21.x, 20.10.x, 19.03.0.1 |
https://kb.vmware.com/s/article/87091 |
| VMware Horizon DaaS 9.1.x, 9.0.x |
https://kb.vmware.com/s/article/87101 |
| VMware NSX Data Center for vSphere |
https://kb.vmware.com/s/article/87099 |
| VMware AppDefense Appliance |
https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-AppDefense/ta-p/109180 |
