Update on VMSA-2021-0028

NSX-T Data Center (2.5.0-3.1.3) (KB87086) – https://kb.vmware.com/s/article/87086?lang=en_US

•December 17th 2021 – 15:00 PST [6:00PM EST]: Added detail regarding NSX T 3.2.0 release pertinent to CVE-2021-44228 & CVE-2021-45046.

•December 17th 2021 – 17:00 PST [8:00PM EST: Changed the workaround provided to the new VMware recommended NSX-T workaround.

•December 20th 2021 – 4.00 PM IST [5:30AM EST]: Added a note related to workaround which need to be carried by all those customers who followed the previous version of workaround.

Details on the new updates for vRealize Operations (vROps) are as follows:

Not listed in the Security Advisory is the express patch release of VMware NSX-T Data Center 3.1.3.5 (GA’d earlier today) which also includes an update to Log4j to version 2.16* + other fixes.

Release Notes – https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/rn/VMware-NSX-T-Data-Center-3135-Release-Notes.html

Download – https://customerconnect.vmware.com/en/downloads/details?downloadGroup=NSX-T-3135&productId=982&rPId=81133

*A new vulnerability identified by CVE-2021-45105 has been disclosed by the Apache Software Foundation that impacts log4j releases prior to 2.17 in non-default configurations. Shortly after this announcement VMware began investigating the potential impact of this vulnerability. At the time of this update, VMware have not found a valid attack vector to exploit CVE-2021-45105 in any VMware products, but investigations will continue. VMware will update log4j to 2.17 in future releases of our products.

Please like and share to spread the knowledge in the community.

If you want to chat with me please use Twitter: @AngrySysOps

Visit my FB page: https://www.facebook.com/AngrySysOps

Read my blog: https://angrysysops.com

Subscribe to my channel : https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A

Please leave the comment