VMware published security advisory, VMSA-2021-0028, which impacts many VMware products through a Remote Code Execution (RCE) vulnerability via Apache Log4j. This is a CRITICAL Advisory with the highest possible severity (CVSSv3 score of 10 out of 10).
The VMSA will be the source of truth for all developments around this issue: https://www.vmware.com/security/advisories/VMSA-2021-0028.html. Evaluation is still underway, but a list of known affected products is included below. As of this note, workarounds are available for Horizon Connection Server & Agent, vRealize Operations & Cloud Proxy, NSX-T Data Center, and HCX. More updates to this advisory, including applicable workaround links, are expected throughout the weekend.
Impacted Products (Under Evaluation):
- VMware Horizon
- VMware vCenter Server
- VMware HCX
- VMware NSX-T Data Center
- VMware Unified Access Gateway
- VMware WorkspaceOne Access
- VMware Identity Manager
- VMware vRealize Operations
- VMware vRealize Operations Cloud Proxy
- VMware vRealize Log Insight
- VMware vRealize Automation
- VMware Telco Cloud Automation
- VMware Site Recovery Manager
- VMware Carbon Black Cloud Workload Appliance
- VMware Tanzu GemFire
- VMware Tanzu Greenplum
- VMware Tanzu Operations Manager
- VMware Tanzu Application Service for VMs
- VMware Tanzu Kubernetes Grid Integrated Edition
- VMware Tanzu Observability by Wavefront Nozzle
- Healthwatch for Tanzu Application Service
- Spring Cloud Services for VMware Tanzu
- Spring Cloud Gateway for VMware Tanzu
- Spring Cloud Gateway for Kubernetes
- API Portal for VMware Tanzu
- Single Sign-On for VMware Tanzu Application Service
- App Metrics
- VMware vCenter Cloud Gateway
- VMware Tanzu SQL with MySQL for VMs
- vRealize Orchestrator
- (Additional products will be added)
Reference:
FIRST CVSSv3 Calculator:
CVE-2021-44228: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10.0)
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
Please like and share to spread the knowledge in the community.
If you want to chat with me please use Twitter: @AngrySysOps
Visit my FB page: https://www.facebook.com/AngrySysOps
Read my blog: https://angrysysops.com
Subscribe to my channel : https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A