NSX-T Data Center (2.5.0-3.1.3) (KB87086) – https://kb.vmware.com/s/article/87086?lang=en_US
•December 17th 2021 – 15:00 PST [6:00PM EST]: Added detail regarding NSX T 3.2.0 release pertinent to CVE-2021-44228 & CVE-2021-45046.
•December 17th 2021 – 17:00 PST [8:00PM EST: Changed the workaround provided to the new VMware recommended NSX-T workaround.
•December 20th 2021 – 4.00 PM IST [5:30AM EST]: Added a note related to workaround which need to be carried by all those customers who followed the previous version of workaround.
Details on the new updates for vRealize Operations (vROps) are as follows:
- VMware vROps 8.6.2 is GA and is a maintenance release which includes an update to Log4j to version 2.16* as well as other fixes detailed in the Release Notes https://docs.vmware.com/en/vRealize-Operations/8.6.2/rn/vrealize-operations-862-release-notes/index.html
- Functionality fixes are listed in KB article: https://kb.vmware.com/s/article/87154
Not listed in the Security Advisory is the express patch release of VMware NSX-T Data Center 188.8.131.52 (GA’d earlier today) which also includes an update to Log4j to version 2.16* + other fixes.
*A new vulnerability identified by CVE-2021-45105 has been disclosed by the Apache Software Foundation that impacts log4j releases prior to 2.17 in non-default configurations. Shortly after this announcement VMware began investigating the potential impact of this vulnerability. At the time of this update, VMware have not found a valid attack vector to exploit CVE-2021-45105 in any VMware products, but investigations will continue. VMware will update log4j to 2.17 in future releases of our products.
Please like and share to spread the knowledge in the community.
If you want to chat with me please use Twitter: @AngrySysOps
Visit my FB page: https://www.facebook.com/AngrySysOps
Read my blog: https://angrysysops.com
Subscribe to my channel : https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A